Restricting Attribute Resolution to only one relaying party

McLennan, Neil R n.mclennan at
Fri Sep 3 11:24:48 UTC 2021


How do you prevent an attribute being resolved except for one relying party? Reading I had assumed that the following attribute would only resolve for relying party, however it resolves every time no matter what the Service Provider. Obviously resolving a user's nested groups is an expensive operation best avoided unless necessary.

   <AttributeDefinition xsi:type="Simple" id="memberOfAll" relyingParties="">
<InputDataConnector ref="ldap-groups" attributeNames="distinguishedName"/>

I apologise if similar questions have been answered before.

Neil McLennan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list