Troubles with idp.authn.LDAP.returnAttributes property

Cantor, Scott cantor.2 at
Thu Oct 3 10:54:41 EDT 2019

On 10/3/19, 10:48 AM, "users on behalf of Peter Schober" <users-bounces at on behalf of peter.schober at> wrote:

> Having said that I do agree that it would be a good precaution for the
> IDP to default to something else if that property was unset by the
> deployer, however that would work, essentially forcing the depolyer to
> set that property to "1.1" when they really mean "give me all
> attributes I have access to". that what "1.1" means? That did seem odd, but I thought that was just a stand-in for a non-existent attribute name to avoid getting anything.

If we're defaulting an empty/unset property to actually deliberately "get everything", that's definitely not what we should do.

-- Scott

More information about the users mailing list