SP, obtaining extra attributes about a user

Steven Carmody steven_carmody at brown.edu
Fri May 17 11:31:55 EDT 2019


I *think* there's an element I can add to my shibboleth2.xml file that 
can be configured to ...

take one of the attributes received in the SAML2 Assertion... (eg EPPN)

and query my local ldap directory for additional attributes that it may 
have for this user.

This could be used to obtain any local group memberships for a non-local 

unfortunately, I can't remember the name of this element, and some 
searching hasn't turned it up.

Thanks for any suggestions !

More information about the users mailing list