attributes from external auth

[Cantor, Scott]

I was incorrect, it does filter anything inbound, and that should be self-evident from the log. With no issuer, the only way to get it to accept them is with "any" policy rules or with an inbound Direction rule.

> "The Subject DataConnector exposes IdPAttribute objects contained within Java Subject(s)", but the IdPAttribute
> collection is not in the Subject or Principals. 

Not when it's filtered out to start with, no. If it weren't, it would be there.

-- Scott