Question

I can use OpenAM to query the list of users or the list of groups by using its REST API:

  • /openam/json/users?_queryID=*
  • /openam/json/groups?_queryID=*

Is there an equivalent of the above using just SAML, such as AttributeQuery?


Solution

The goal of the Attribute Query is to complete the info that the app has from the IdP that was received in the Response to the AuthnRequest.

The SP can make an Attribute Query Request to the IdP to complete the info of the currently logged-in user, but it is not supposed to ask for the user or the group list.

What is the problem with making a REST request to the IdP? If you use OAuth2 to protect the Tx, all is OK.

OTHER TIPS

If OpenAM is the IdP, it could be configured to send group info in the authentication assertion.
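The two points made in the answers above, shown as an added example that is not part of the original answers or of OpenAM: a SAML 2.0 AttributeQuery is always scoped to one `<saml:Subject>`, and group membership can be read from an assertion's AttributeStatement. The entity IDs, the NameID and the attribute name `groups` are assumptions; the real attribute name depends on the IdP's attribute mapping.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
ET.register_namespace("saml", SAML)
ET.register_namespace("samlp", SAMLP)

# Constructed sample assertion (hypothetical issuer and attribute name).
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/openam</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>admins</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def build_attribute_query(sp_entity_id, name_id, wanted):
    """Build an AttributeQuery for ONE subject; the schema requires <saml:Subject>."""
    if not name_id:
        raise ValueError("AttributeQuery needs a subject; it cannot list users or groups")
    query = ET.Element(f"{{{SAMLP}}}AttributeQuery", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    ET.SubElement(query, f"{{{SAML}}}Issuer").text = sp_entity_id
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = name_id
    for name in wanted:  # attributes requested for this one subject
        ET.SubElement(query, f"{{{SAML}}}Attribute", {"Name": name})
    return ET.tostring(query, encoding="unicode")


def attributes_from_assertion(assertion_xml):
    """Collect attribute values from an assertion's AttributeStatement.
    Call only after the assertion's signature and conditions have been verified."""
    found = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{SAML}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{SAML}}}AttributeValue")]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found
```
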

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow