Intercept Flows and checking raw LDAP attributes

Cantor, Scott cantor.2 at
Mon Aug 3 19:28:59 EDT 2015

On 8/3/15, 7:27 PM, "Cantor, Scott" <cantor.2 at> wrote:

>On 8/3/15, 7:20 PM, "users on behalf of Jeffrey Crawford" <users-bounces at on behalf of jeffreyc at> wrote:
>>I feel like I'm missing something simple here, I have an interrupt flow that will work based off of the context-check example, however if the SAML attribute eduPersonAffiliation is not released to the SP in question and I'm trying to check against it, I get the following in the logs.
>That's just how it was implemented. The next version includes a separately tracked collection of the unfiltered attributes and most of the internal components will then operate on the unfiltered set.

(The workaround until then of course being to generate an IdPAttribute in the resolver but with no AttributeEncoder attached, and it won't ever appear in any assertions whether it's released or not.)

-- Scott

More information about the users mailing list