The Shibboleth IdP V4 software will leave support on September 1, 2024.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Profile-Specific

Options specific to the Shibboleth / SAML 1.1 SSO profile:

NameTypeDefaultDescription
includeAttributeStatementBooleanfalseWhether to "push" attributes during SSO

Guidance

The historical default for the Shibboleth profile of SAML 1.1 was to issue only authentication information through the normal channel and rely on a back-chanel to query for attributes, due to the lack of support for XML Encryption in SAML 1.1.

This a very commonly modified setting because of the gradual deprecation of the use of the back channel and support for attribute queries. With the very limited use of SAML 1.1, it's usually simpler to forgo supporting queries and simply push attributes for the few legacy systems left, relying on the TLS protections between the client and servers to protect the user's data from passive observation.

Note that the value of this setting is ignored when SAML artifacts are used, it's always true in those cases because the data is passed over a back-channel anyway.

  • No labels