Troubles with idp.authn.LDAP.returnAttributes property

Peter Schober peter.schober at
Thu Oct 3 10:48:18 EDT 2019

* Peter Schober <peter.schober at> [2019-10-03 16:44]:
> * Guillaume Rousse <guillaume.rousse at> [2019-10-03 15:39]:
> > Our current configuration uses the default file content:
> > ## Return attributes during authentication
> > idp.authn.LDAP.returnAttributes =
> That's not the default, at least not in my conf/ nor
> in the shipped distributed copy in dist/conf/ which you
> could check yourself:
> idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining

Having said that I do agree that it would be a good precaution for the
IDP to default to something else if that property was unset by the
deployer, however that would work, essentially forcing the depolyer to
set that property to "1.1" when they really mean "give me all
attributes I have access to".

Note the minor "however that would work" caveat.


More information about the users mailing list