The primary security consideration for composed attributes is that they may expose the values of other attributes. For example, if the cn attribute is composed from the values of the givenName and sn attributes, then a user with permission to read the cn attribute could determine the values of the givenName and sn attributes even if they do not have permission to read these attributes directly. However, this is not usually a significant concern and you can address this by ensuring that the user's access-control configuration restricts access to source attributes used in a composed attribute value pattern and imposes similar restrictions to the composed attribute.
Page created: 22 Jul 2020 |
Page updated: 1 Feb 2021