Troubles with idp.authn.LDAP.returnAttributes property

Guillaume Rousse guillaume.rousse at
Thu Oct 3 11:56:03 EDT 2019

Le 03/10/2019 à 17:22, Peter Schober a écrit :
> * Guillaume Rousse <guillaume.rousse at> [2019-10-03 15:39]:
>> According to my understanding of (Spring|Velocity|whatever templating system
>> used) syntax, this should result in a default value of "1.1" for the value
>> attribute, as the idp.authn.LDAP.returnAttribute property is undefined. And
>> according to the documentation (,
>> it should result in no attribute fetching at all.
> The above documentation doesn't have a "Default" column so maybe it
> doesn't specify the default values the IDP would use if none are
> configured?
> But even then a default would only apply if the property wasn't set,
> but you did set it, only to empty value?
> I may still be misunderstanding this but AFAICT it works as desiged:
> You told the IDP to get everything by setting the property to nothing,
> That's LDAP search request attribtues for you.
That would be true if ldap-authn-config.xml didn't imposed a default 
value, ie:

However, it is supposed to enforce '1.1' as default value:

Guillaume Rousse
Pôle SSI

Tel: +33 1 53 94 20 45

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3637 bytes
Desc: Signature cryptographique S/MIME
URL: <>

More information about the users mailing list