new idp 4 Attribute Registry

Paul B. Henson henson at
Wed Apr 22 22:40:24 EDT 2020

I'm reviewing my upgrade to idp 4 and looking at the new Attribute
Registry functionality.

So it looks like for common attributes they can just be pulled from an
ldap directory and immediately referenced in attribute release policy as
their encodings are defined in for example

That file defines the SAML name for the attribute, but I don't see the
"friendlyName" previously used in the AttributeEncoder in an
AttributeDefinition? Does it just default to the idp name of the
attribute (so the idp attribute "mail" would be encoded with a name of
urn:oid:0.9.2342.19200300.100.1.3 and a friendlyName of mail)?

If an SP wants a different friendlyName for an attribute <sigh>, such as
"email", do you just need to use an AttributeDefinition as before like:

<AttributeDefinition xsi:type="Simple" id="email">
  <InputDataConnector ref="LDAP" attributeNames="mail" />
    <AttributeEncoder xsi:type="SAML2String"
		    encodeType="false" />

Or is there a new recommended way to accomplish this?


Paul B. Henson  |  (909) 979-6361  |
Operating Systems and Network Analyst  |  henson at
California State Polytechnic University  |  Pomona CA 91768

More information about the users mailing list