Attributes Values Based on Presence of LDAP Attribute

Jason shibboleth at
Tue May 20 21:04:00 EDT 2014

Hi All,

I'm working on setting up an integration between a Shibboleth IdP and
a third-party service provider.

The service provider wants a custom attribute called "Application".
I've defined that attribute, and the value of that attribute is
retrieved from an LDAP attribute also called "Application".

Getting the IdP to return whatever is in LDAP is working fine.
However, for users that don't have this attribute in LDAP, the IdP
doesn't return the attribute, which is totally understandable.

My question is this: for users that don't have the attribute in LDAP,
is it possible to have the IdP still return some value in the
attribute statement?  If so, what's the best way to do that?


More information about the users mailing list