Troubles with idp.authn.LDAP.returnAttributes property
Paul Engle
pengle at rice.edu
Thu Oct 3 11:02:44 EDT 2019
1.1 means just return a list of DNs. At least that's the meaning for 389ds;
I can't speak to others.
--
Paul Engle
IAM Architect
Identity & Access Management
pengle at rice.edu 713-348-4702
On Thu, Oct 3, 2019 at 9:55 AM Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 10/3/19, 10:48 AM, "users on behalf of Peter Schober" <
> users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at>
> wrote:
>
> > Having said that I do agree that it would be a good precaution for the
> > IDP to default to something else if that property was unset by the
> > deployer, however that would work, essentially forcing the depolyer to
> > set that property to "1.1" when they really mean "give me all
> > attributes I have access to".
>
> ...is that what "1.1" means? That did seem odd, but I thought that was
> just a stand-in for a non-existent attribute name to avoid getting anything.
>
> If we're defaulting an empty/unset property to actually deliberately "get
> everything", that's definitely not what we should do.
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191003/2b7514ac/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5355 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20191003/2b7514ac/attachment.p7s>
More information about the users
mailing list