When getting a 3.0.0 IdP ready to roll out, I was checking for any warnings in idp-process.log.
I found this one:
and I've tracked it down to this snippet in attribute-resolver.xml which I took from attribute-resolver-ldap.xml
Changing the type to sec:X509ResourceBacked fixed it.
I already found
IDP-396 reporting missing documentation for the types (and I had to guess there are no syntax changes - at least checked the schema).
Reporting this one so that the sample configuration in attribute-resolver-ldap.xml gets updated.