从技术上讲，是的，这是可能的，因为 AuthnRequest 可以包含一个可以包含任何内容的扩展元素 - 请参阅 SAML核心"规范:AuthnRequest(第 3.4.1 节)是派生的来自具有可选扩展的 RequestAbstractType(第 3.2.1 节).发送方和接收方必须就以这种方式发送的数据的语法和语义达成一致.

Technically, yes, it is possible, since AuthnRequest can contain an Extensions element, which can contain anything - see the SAML 'core' spec: AuthnRequest (section 3.4.1) is derived from RequestAbstractType (section 3.2.1) which has an optional Extensions. The sender and recipient would have to agree on the syntax and semantics of data sent this way.

我看不到更传统"的方法来做到这一点，因为属性通常在断言中，而不是在 AuthnRequests 中.

I can't see a more 'conventional' way to do this, since Attributes are usually in Assertions, rather than AuthnRequests.