AW: Features - SAML dynamic/custom attributes

Hello Salvo,
This is a good idea and I think 90% of the task is already done.If you take a look at the getUserInfo of the ldap resolver you will see, that you can map any field you like to.
This way you can “invent” new fields in privacyidea and map these to ldap attributes.
Maybe in samlcheck we should return all available keys of the dictionary.
Kind regards Cornelius

Cornelius Kö 151 2960 1417
NetKnights GmbHhttp://netknights.itLandgraf-Karl-Str. 19, 34131 Kassel, GermanyTel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405Geschäftsführer: Cornelius Kölbel-------- Ursprüngliche Nachricht --------
Von: Salvo Rapisarda
Datum: 18.02.2016 11:45 (GMT+01:00)
An: privacyidea
Betreff: [privacyidea] Features - SAML dynamic/custom attributes

We are using privacyIDEA with SimpleSAMLphp for create a federated authentication platform.
We noticed that the function samlcheck() in /api/ returns a fixed set of attributes.It would be useful for us to customize this set and return other attributes from user resolver (for example, roomNumber or departmentNumber).

What do you think about ?

Please read the blog post about getting help

For professional services and consultancy regarding two factor authentication please visit

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:

You received this message because you are subscribed to the Google Groups “privacyidea” group.

To unsubscribe from this group and stop receiving emails from it, send an email to

To post to this group, send email to

Visit this group at

To view this discussion on the web visit

For more options, visit