I have recently configured a moodle 3.11 instance to authenticate via SAML2 using the auth_saml2 module.
Everything works fine, but I am only getting three attributes from the IdP.
In the SP metadata generated, I don't see any <RequestedAttribute> tags.
Where/how can I set the attributes to be requested from the IdP?
In reply to Nimal Ratnayake
Re: auth_saml2 module - Attributes Requested by SP
by Visvanath Ratnaweera -
Posted in GitHub: https://github.com/catalyst/moodle-auth_saml2/issues/654.
as mentioned in github - this is usually dependent on your IDP
The Saml2 readme under the debugging header points to a test script that you can trigger to see what the values are that are coming back from your IDP here:
https://github.com/catalyst/moodle-auth_saml2#debugging
So you can hit that and see if your IDP is sending back the department value to Moodle - if not, can you please provide more information on the IDP you are using and hopefully someone here in the forums familiar with the same IDP you are using can provide some tips on how to get it sending that data to Moodle.
The Saml2 readme under the debugging header points to a test script that you can trigger to see what the values are that are coming back from your IDP here:
https://github.com/catalyst/moodle-auth_saml2#debugging
So you can hit that and see if your IDP is sending back the department value to Moodle - if not, can you please provide more information on the IDP you are using and hopefully someone here in the forums familiar with the same IDP you are using can provide some tips on how to get it sending that data to Moodle.
Thanks for the feedback.
I have checked the attributes that the IdP sends to Moodle (SP). Usually the SP must specify what attributes it requires from the IdP. But in the SP metadata created by this moodle plugin, the attributes part is missing - which means that the IdP will provide its default set of attributes. I can tinker the embedded SimpleSAMLphp code in this plugin to request the required attributes. But it would be better if the Moodle plugin configuration provided a way to do this, without having to tinker with the embedded SimpleSAMLphp config.
I have checked the attributes that the IdP sends to Moodle (SP). Usually the SP must specify what attributes it requires from the IdP. But in the SP metadata created by this moodle plugin, the attributes part is missing - which means that the IdP will provide its default set of attributes. I can tinker the embedded SimpleSAMLphp code in this plugin to request the required attributes. But it would be better if the Moodle plugin configuration provided a way to do this, without having to tinker with the embedded SimpleSAMLphp config.
Pull requests are always welcome 