I have an SP using Shibboleth as the IdP for SSO, and Shibboleth uses Active Directory as the user store.
In the SP configuration, it maps an attribute "urn:oid:2.16.840.1.113730.3.1.3" to a local attribute.
I exported all objects from AD but didn't find any attributes associated with 2.16.840.1.113730.3.1.3. But when I check the SAML log in the SP, I did find that values of "EmployeeID" from AD are filled into this attribute, but the AD attribute "EmployeeID" has a different attributeID (1.2.840.113556.1.4.35).
I used the following 2 commands to export AD schema objects; neither of them shows 2.16.840.1.113730.3.1.3:
$schemaPath = (Get-ADRootDSE).schemaNamingContext
Get-ADObject -Filter * -SearchBase $schemaPath -Properties * | Select-Object lDAPDisplayName, attributeID
ldifde -f xxx.ldif -d "cn=Schema,CN=Configuration,DC=xxxx,DC=xxxx,DC=edu"
Does anybody know why 2.16.840.1.113730.3.1.3 doesn't show up in the schema query but Shibboleth can query its values?
Thank you