Why does the IDP send a SEARCH request with user credentials?


zmpanda
Hello,

We deployed the Shibboleth IDP and observed the following LDAP requests on user authentication:

1a) BIND with IDP credentials
1b) SEARCH
We assume this is done to validate that the user exists

2a) BIND with user credentials
2b) SEARCH
We assume this is done to authenticate the user

3a) BIND with IDP credentials
3b) SEARCH
We assume this is done to retrieve user attributes

We cannot understand why the IDP performs step 2b, a SEARCH on the user-bound connection. What value does it add?

Thanks