Resolving attributes from a SAML proxy

Wessel, Keith kwessel at
Wed Oct 6 20:36:52 UTC 2021

I'll give that a shot, Mike. If I put it in the registry, I don't need the data connector, right? Just the registry entry and the attribute filter?


From: users <users-bounces at> On Behalf Of Michael Grady
Sent: Wednesday, October 6, 2021 3:28 PM
To: Shib Users <users at>
Subject: Re: Resolving attributes from a SAML proxy

On Oct 6, 2021, at 3:10 PM, Wessel, Keith <kwessel at<mailto:kwessel at>> wrote:


And the type of the attribute should be simple (since it's not going to be a scoped attribute)?

And the subjectDataConnector should be the input to the attribute definition?

Yes, the attribute registry is sounding better by the minute.


And using the registry for this does not mean that you need to convert over to it entirely right away. I just comment out the "import" lines (in default-rules.xml) I don't want to use yet (that would conflict with encoders already in the resolver), and add in new import lines to bring in the Azure claims rules, or the OIDC claims rule, etc. I.e. start using the registry where there are already great example/starting files to bring in for new functionality, and then later worry about using it more broadly.

Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list