Attributes and Attribute Groups

The SAML IDP Service allows you to configure attributes and attribute groups that can be included in the SAML assertions sent to Service Providers. This configuration is essential for providing the necessary user information to the Service Providers during the authentication process.

Attributes are named values, where the name is the attribute name and the value is provided by an Attribute Value Provider.

An Attribute Group exists to be able to manage attributes more easily. An Attribute Group is a collection of attribute names that can be selected as a whole. Other than managing attribute names, an Attribute Group does not do anything else.

To establish the value for an attribute, an Attribute Value Provider is used. The attribute provider is asked to resolve the so called input attributes for the attribute. This input attribute or input attributes makes up the value of the configured attribute.

Attribute Value Providers

An Attribute Value Provider is a component that provides the value for an attribute. When resolving the value of an attribute, one or more input attributes (which are attribute _names_) are passed to the Attribute Value Provider, which then returns the value or values for these input attributes with these names.

The Curity Identity Server supports the transformation procedure to process the values of the resolved input attributes before returning the value for the attribute. This allows for more complex transformations and manipulations of the attribute values.

Note

The current version of the Curity Identity Server ships with a limited number of Attribute Value Providers. More Attribute Value Providers will be added in future releases to support additional use cases and requirements.