SP, obtaining extra attributes about a user

Cantor, Scott cantor.2 at osu.edu
Fri May 17 12:17:47 EDT 2019

On 5/17/19, 12:09 PM, "users on behalf of Steven Carmody" <users-bounces at shibboleth.net on behalf of steven_carmody at brown.edu> wrote:

> So, I'd receive an Assertion from an external IDP, and then use the 
> received EPPN to construct a query against my local IDP (which would 
> access my local ldap server).

Doesn't have to be EPPN specifically, but yes.
> I'd get back (among other attributes) any isMemberOf values associated with that user ... ?

Or whatever you program it to ask for or return, yes. They go through the same layers of processing as the original SAML Attributes do, extraction, filtering, transforms, etc.

-- Scott

More information about the users mailing list