I think it's called "SAML Attribute Assertion" and it's a SAML protocol thing, so all SAML providers use it:
Attribute assertions in a SAML (Security Assertion Markup Language) authentication response serve to provide additional information about the authenticated user. Here's how they work:
- Authentication Request: A service provider (SP) sends a request to an identity provider (IdP) to authenticate a user.
- Authentication Response: Upon successful authentication of the user, the identity provider sends an authentication response back to the service provider. This response typically contains one or more assertions, which are pieces of information about the user. One of these assertions is the attribute assertion.
- Attribute Assertions: Attribute assertions contain specific attributes or properties of the authenticated user. These attributes can include various pieces of information such as username, email address, roles, permissions, or group memberships. Each assertion can contain multiple attributes.
- Structure of an Attribute Assertion: An attribute assertion consists of a set of attributes represented as name-value pairs. For example, an attribute assertion might contain a user's group memberships as follows:
  <AttributeStatement>
    <Attribute Name="GroupMembership" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <AttributeValue>Group1</AttributeValue>
      <AttributeValue>Group2</AttributeValue>
    </Attribute>
  </AttributeStatement>
  In this example, the attribute assertion indicates that the authenticated user is a member of the "Group1" and "Group2" groups.
- Use of Attributes by the Service Provider: Upon receiving the attribute assertions, the service provider can use the contained attributes to make decisions such as granting access rights or providing specific functionalities. In our example, the service provider might decide which resources the user can access based on their group memberships.
Overall, attribute assertions in the authentication response provide a flexible and extensible means of conveying additional information about the user, which can be crucial for service provisioning and enforcement of access policies.
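The service-provider side of the steps above, as an added example that is not part of the original post: it reads the `GroupMembership` attribute from an assertion and maps groups to permissions with default deny. It assumes the assertion's signature and conditions were already validated by the SP's SAML library; the policy table, function names and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
# Hypothetical SP policy: group name -> permissions granted by that group.
GROUP_PERMISSIONS = {"Group1": {"reports:read"}, "Group2": {"tickets:write"}}

# Constructed sample assertion (signature, subject and conditions omitted).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="GroupMembership"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>Group1</saml:AttributeValue>
      <saml:AttributeValue>Group2</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion):
    """Return {name: [values]} from AttributeStatements that are direct
    children of the given Assertion element, never from elsewhere in the
    document, so only content covered by the verified assertion is used."""
    attrs = {}
    for stmt in assertion.findall("saml:AttributeStatement", NS):
        for attr in stmt.findall("saml:Attribute", NS):
            # Assumed policy: accept only the NameFormat agreed with the IdP.
            if attr.get("NameFormat") != BASIC:
                continue
            values = [(v.text or "").strip()
                      for v in attr.findall("saml:AttributeValue", NS)]
            # The same Name may appear more than once; merge the values.
            attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def permissions_for(assertion_xml):
    """Map the user's groups to permissions; unknown groups grant nothing."""
    assertion = ET.fromstring(assertion_xml)
    if assertion.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("root element is not a SAML 2.0 Assertion")
    perms = set()
    for group in read_attributes(assertion).get("GroupMembership", []):
        perms |= GROUP_PERMISSIONS.get(group, set())
    return perms
```
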