> I don't recall doing anything more than adding the relying-party config I just > shared, which includes the line: > <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" > encryptAssertions="never" encryptNameIds="never" /> There's no support by default to query on anything but transients. -- Scott