Configuration uApprove.jp determins whether an attribute is mandatory or optional by recognizing isRequired boolean attribute of RequestedAttribute elements in metadata of a SP. Release of optional (isRequired is not "true") attributes according to user consent can be controled with isApproved boolean in attribute-filter.xml like: If you are using combination of multiple AttributeFilterPolicy, the configuration may be: : : : : Attributes can be hidden from the user consent page by undefining attribute names in the attribute-list. Add a "!" as prefix of attribute names to make the line as a comment (original feature of uApprove). Restrictions: When relase of an optional attribute is not controlled in attribute-filter.xml, the user consent page will be shown again if release of the optional attribute is denied by the user. RequestedAttribute is defined in AttributeConsumingService of SP metadata, and multiple definitions of AttributeConsumingService can be made. If there are multiple definition of AttributeConsumingService, it should be selected with AttributeConsumingServiceIndex of AuthnRequest. Current implementation does not have a way to get the index, and choose the default where isDefault of AttributeConsumingService is "true". When attribute values are changed after last release with user consent, user consent will be required again. In such case, mandatory attributes and only optional attributes which were released at last user consent are shown for re-consent, and user can not know which attribute value is cahged after the last consent. Future Plan Now we working for uApprove 2.1.4/2.2.0. The following feature will also be supported: Attributes which will be sent independent of user concent (by configuration of attribute-filter) will be treated as mandatory attributes (even if isRequired=false). attribute-filter can be configured to send attributes only defined by SP in metadata with RequestedAttribute elements. Usage of each attribute by SP can be seen at the user concent step.