Thanks all for the responses, particularly the National Roaming Octopus. Agreed that the triple-server architecture is excessive. You can enforce the Identity Provider vs Service Provider distinction by stripping SP-only attributes from replies sent outside your network. For anyone curious in future, since I’ve read a lot of the mailing list via Google and this may be helpful: What I’ve ended up with is two virtual servers, inner and outer. Outer will always set all attributes, and then runs a custom attr_filter which keys on %{client:shortname}* and removes the private attributes from the clients with the wrong names. Haven’t looked at the RFCs yet for appropriate attributes to permit. * incidentally, the attr_filter module doesn’t seem to enable the new &format.