Hey everybody,

Has anyone tried a SAML AttributeQuery against a NAM IDS? Is it supported at all? What I've found so far is:

SAML attribute query URL: The URL location where an attribute query is to be sent to the partner. The attribute query requests a set of attributes associated with a specific object. A successful response contains assertions that contain attribute statements about the subject. A SAML 1.1 provider might use the base URL, followed by /saml/soap. For example, https://<dns>:8443/nidp/saml/soap. Replace <dns> with the DNS name of the provider.
- this seems like NAM is able to perform attribute queries against another IDP.

Attribute Query from OIOSAML.SP Java Service Provider Fails with Null Pointer#
- seems like there is this kind of functionality, and there's a workaround described for this to work.

NIDS: Received an Attribute Query Request (002e000d)#
This event is generated when you select the Attribute Query Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.
- also makes me believe this is supported.

Unfortunately, I can't find any documentation on the topic, no example code, nothing.

Any help is appreciated. Basically, the goal is NAM IDS (acting as IDP) to be able to send back in the assertion to the SP (non-NAM) some attribute values that the SP requests (and those attributes belong to a different custom-class-object than the logged-in user).