Refusing to send an assertion if attribute not present?
Christopher Bongaarts
cab at umn.edu
Wed Mar 13 14:22:31 EDT 2013
On 3/12/2013 3:49 PM, Erdos, Marlena wrote:
> I'm using external authentication, so my alternative is to check for
> presence of the attribute in the external authN callback servlet --
> and maybe that's the place to do it, but I figured I'd ask. (It seems
> "wasteful" to be pulling attributes from LDAP twice -- once in the
> callback and then again in the resolver.)
We do two LDAP calls (one in our custom login handler and one in the
attribute resolver) for every auth. Not that big a deal for our LDAP
servers as they are exact searches for a unique identifier, which is
nicely indexable.
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%