How to use SAML 2.0 AttributeQuery in ADFS?

Question

In OpenAM, we use /AttributeServiceSoap/default/metaAlias/attra for AttributeQuery.

What do we use for AttributeQuery in ADFS? Can anyone please provide an example?

Answer 1

Unlike OpenAM, ADFS doesn't support SAML 2.0 Query Profiles including the AttributeQuery protocol. The available endpoints and profiles are listed here http://technet.microsoft.com/en-us/library/adfs2-help-endpoints(v=ws.10).aspx

The WS-Trust standard (supported by ADFS) has a possibility to define which claims (attributes) should be returned as part of the security token. See an example of issuing a RequestSecurityToken query to a STS endpoint in ADFS. Although this thread states that the ADFS implementation doesn't support this particular feature either.

In other words, avoiding attribute queries by providing all attributes upfront is most likely the only or at least the easiest way.