Resolving attributes from a SAML proxy

Michael Grady mgrady at
Wed Oct 6 19:29:01 UTC 2021

> On Oct 6, 2021, at 2:03 PM, Wessel, Keith <kwessel at> wrote:
> I also see that I need to add the attribute to my attribute filter config to allow the ADFS IdP to assert it.
> DO I also need to add an attribute definition so that I can use the attribute elsewhere in the IdP, resolving it and doing things like... oh, I don't know... deciding if the upstread IdP performed MFA so I can release the right ACR value?

Keith, you need the attribute registry stuff to first make it available. See the Azure AD doc here: <>

See Proxy Task 3, but adjust as necessary for the name/format on the wire for your use case.

Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list