SP, obtaining extra attributes about a user

[Steven Carmody]

Hi,

I *think* there's an element I can add to my shibboleth2.xml file that 
can be configured to ...

take one of the attributes received in the SAML2 Assertion... (eg EPPN)

and query my local ldap directory for additional attributes that it may 
have for this user.

This could be used to obtain any local group memberships for a non-local 
user....

unfortunately, I can't remember the name of this element, and some 
searching hasn't turned it up.

Thanks for any suggestions !