This is a good idea and I think 90% of the task is already done. If you take a look at the getUserInfo of the ldap resolver you will see that you can map any field you like.
This way you can “invent” new fields in privacyidea and map these to ldap attributes.
Maybe in samlcheck we should return all available keys of the user.info dictionary.
Kind regards Cornelius
Cornelius Kölbel
Cornelius.email@example.com
+49 151 2960 1417
NetKnights GmbH
http://netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel

-------- Original message --------
From: Salvo Rapisarda firstname.lastname@example.org
Date: 18.02.2016 11:45 (GMT+01:00)
To: privacyidea email@example.com
Subject: [privacyidea] Features - SAML dynamic/custom attributes
We are using privacyIDEA with SimpleSAMLphp to create a federated authentication platform.
We noticed that the function samlcheck() in /api/validate.py returns a fixed set of attributes. It would be useful for us to customize this set and return other attributes from the user resolver (for example, roomNumber or departmentNumber).
What do you think about it?