You can configure the Embedded Service Provider (ESP) of Access Gateway to receive attributes when the user authenticates. LDAP traffic is reduced and performance is improved when the required LDAP attribute values are retrieved during authentication. This improvement is easily seen when you have many users and you have configured Identity Injection or Authorization policies to protect resources and these policies use LDAP attributes or Identity Server roles.
When the authentication process does not gather the LDAP attribute values, each user access can generate a new LDAP query, depending upon how the user accesses the resources and how the policies are defined. However, if the LDAP values are gathered at authentication, one LDAP query can retrieve all the needed values for the user.
Click Devices > Identity Servers > Shared Settings.
On the Attributes page, click New, specify a name, then click Next.
For each attribute you need to add because it is used in a policy:
Click New.
In Local attribute, scroll to LDAP Attribute section, then select the attribute.
Click OK.
The other fields do not need to be configured.
If you use Identity Server roles in your policies, click New, select the All Roles attribute, then click OK.
Click Finish.
Click Servers > Edit > Liberty.
Click the name of the Embedded Service Provider.
If the Embedded Service Provider is part of a cluster of Access Gateways, the default name is the cluster name. If Access Gateway is not part of a cluster, the default name is the IP address of Access Gateway.
Click Attributes.
For the attribute set, select the set you created for the Embedded Service Provider.
Select attributes from the Available list, then move them to the left side of the page.
Click OK, then update Identity Server.