Are IdP released attributes always visible in the raw token?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Are IdP released attributes always visible in the raw token?

Mike Edgar
Hi guys,

I'm concerned that the IdP is not releasing attributes on authentication, despite the fact that they say they are, is there any way in which I can prove to them that no attributes are being released?

I thought that if i monitor the response from the IdP while I authenticate, i would be seeing the raw token as it comes back wrapped in the token response as below..      

<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
.....
</wst:RequestSecurityTokenResponse>

can you confirm for me whether I am understanding this correctly?

Basically I am trying to highlight to them that it's not my attribute map or attribute policy that is stopping  the attributes from being processed, but more that they are simply not releasing anything.

I'm guessing that ADFS may _not_ release an attribute if the value is empty, but then again that would put the onus on them to make it work.

Thanks,

Mike Edgar