Consider a sample scenario where the sample service provider is in member state (MS) CA, and the citizen MS is also CA.
- First, let's request natural person mandatory attributes. Assume that the corresponding user has all the user attributes that are requested.
Follow the steps below to create a new user via the management console of WSO2 IS, and send the request via the sample service provider:
- On the Main tab on the management console, click Add under Users and Roles.
- Click Users. This link is only visible to users with the Admin role.
- Click Add New User, and create a new user with all the natural person user attributes.
- Use the sample service provider to send the request.
When the signed SAML request is sent, you are redirected to WSO2 IS for authentication.
- Specify values for the Username and Password, and then click SIGN IN.
- On successful authentication, you are asked to provide consent for the requested attributes. You need to provide consent to continue.
- Select the required attributes and click Approve to provide consent. You will see that the SAML response is sent to the eIDAS proxy service with the user attributes (i.e., the signed SAML response and encrypted assertion).
- Now let's request legal person mandatory attributes for the same user.
Here, you will see that you are asked to provide consent for the legal person attributes for which you have not provided consent before.
Once you provide consent and approve, you will see that the SAML response is sent to the eIDAS proxy service with the user attributes.
- Next, let's request mandatory attributes where there are no values assigned to the claims so that you can see how an error response is sent from WSO2 IS.