The attributes that can be requested to and returned from an Identity Provider are determined here.
- Subject Attribute: Defines which user attribute is used to identify the user at the Identity Provider
- Look-up Principle: When this is enabled, After the user is authenticated the user (principal) will also be queried from the IDHub user repository, and any known attribute values (that were still empty) will be added to the session.
Non-empty attributes will not be updated, unless the attribute type has the "override" property
This is used to map the IDP's attribute labels to IDHub's attributes (eg. "Email" vs "E-mail")
- Identity Provider user attribute: the string that is used by the Identity Provider to describe this attribute.
- User attribute: The attribute defined by IDhub.