Troubles with idp.authn.LDAP.returnAttributes property
cantor.2 at osu.edu
Thu Oct 3 10:54:41 EDT 2019
On 10/3/19, 10:48 AM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:
> Having said that I do agree that it would be a good precaution for the
> IDP to default to something else if that property was unset by the
> deployer, however that would work, essentially forcing the depolyer to
> set that property to "1.1" when they really mean "give me all
> attributes I have access to".
...is that what "1.1" means? That did seem odd, but I thought that was just a stand-in for a non-existent attribute name to avoid getting anything.
If we're defaulting an empty/unset property to actually deliberately "get everything", that's definitely not what we should do.
More information about the users