VIP AuthHub- Remove default assertion attributes from Assertion body


Article ID: 420515


Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

With the latest AuthHub release, 3.4.x, the assertion body issued when AuthHub acts as the IdP includes default assertion attributes such as the ones shown below.

Is there a way to exclude these default attributes from the assertion body?

      <saml2:AttributeStatement>
         <saml2:Attribute Name="app_id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">bxxxxxxxxxxxxxx</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="session_state" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">xxxxxxxxxxxxxx</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="user_guid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">xxxxxxxxxxxxxx</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="idp_guid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">xxxxxxxxxxxxxx</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="user_loginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">xxxxxxxxxxxxxx</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="user_riskscore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">50</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="sid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">xxxxxxxxxxxxxx</saml2:AttributeValue>
         </saml2:Attribute>

Environment

VIP AuthHub releases up to 3.4.x

Resolution

VIP AuthHub release 4.0.1 (this may be included in 4.0; please check the release notes once 4.0 is available) will have a setting that allows the admin to exclude the default assertion attributes from the assertion body.
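
To check which of the default attributes a service provider actually receives, before and after the exclusion setting is enabled, a captured assertion can be audited as below. This is an added example, not Broadcom's code: the sample assertion is constructed, the function names are hypothetical, and the list of default names is taken only from the excerpt above, which may not be exhaustive.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Default attribute names as shown in the article's excerpt
# (assumption: the excerpt may not list every default attribute).
DEFAULT_ATTRS = {"app_id", "session_state", "user_guid", "idp_guid",
                 "user_loginid", "user_riskscore", "sid"}

# Constructed sample: two default attributes plus one admin-mapped attribute.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="app_id"><saml2:AttributeValue>constructed-app</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="user_riskscore"><saml2:AttributeValue>50</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="email"><saml2:AttributeValue>user@example.com</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def load_saml(data):
    """Parse raw XML, or a base64 SAMLResponse value as sent in the HTTP-POST binding."""
    text = data.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text).decode("utf-8")
    # SAML messages never need a DTD; refuse entity tricks before parsing.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    return ET.fromstring(text.encode("utf-8"))


def audit_attributes(data):
    """Report which attribute names are defaults, which are not, and how many
    assertions are encrypted (their attributes cannot be inspected here)."""
    root = load_saml(data)
    names = {a.get("Name") for a in root.iter("{%s}Attribute" % SAML_NS)
             if a.get("Name")}
    encrypted = sum(1 for _ in root.iter("{%s}EncryptedAssertion" % SAML_NS))
    return {
        "default": sorted(names & DEFAULT_ATTRS),
        "other": sorted(names - DEFAULT_ATTRS),
        "encrypted_assertions": encrypted,
    }


if __name__ == "__main__":
    print(audit_attributes(SAMPLE))
```

An empty `default` list with `encrypted_assertions` at 0 indicates that none of the listed default attributes were sent in the clear-text assertion.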