
cat-users - Re: [[cat-users]] NameID urn:oasis:names:tc:SAML:2.0:nameid-format:persistent instead of eduPersonTargetedID attribute

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Chris Phillips <Chris.Phillips AT canarie.ca>
  • To: Miroslav Milinovic <miro AT srce.hr>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] NameID urn:oasis:names:tc:SAML:2.0:nameid-format:persistent instead of eduPersonTargetedID attribute
  • Date: Tue, 28 Jun 2016 17:26:46 +0000
  • Accept-language: en-US

Miro and CAT team,

I presume that this proposed update will work as follows:

1. Existing users of eduroam CAT will continue to work with their current
attribute release policies
2. New site admins using Federated Sign on via SAML are encouraged to use
SAML2 persistent nameID, but MAY be able to use eduPersonTargetedId


Can you confirm this to be accurate?

I hope we are not cutting off anyone who already has a sign on configured
as an admin as the attribute release practice will be materially different
post update.


Thanks!

Chris.


On 2016-06-28, 10:46 AM, "Miroslav Milinovic" <miro AT srce.hr> wrote:

>Hi Simon, all!
>
>We plan to implement this feature and put it into production by the
>beginning of August 2016 (so in about one month from now).
>
>Best regards
>
>Miroslav Milinovic
>eduroam service manager, GEANT
>
>----- Original Message -----
>From: "Simon Lundström" <simlu AT su.se>
>To: <cat-users AT lists.geant.org>
>Sent: Monday, June 27, 2016 3:50 PM
>Subject: [[cat-users]] NameID urn:oasis:names:tc:SAML:2.0:nameid-format:persistent instead of eduPersonTargetedID attribute
>
>
>> Hi!
>>
>> We've recently upgraded our IDPs to Shibboleth v3 since v2 is going to be
>> (or already has been) deprecated.
>>
>> According to e.g. Scott Cantor using eduPersonTargetedId as an attribute
>> and not as NameID is discouraged and deprecated, see:
>> <https://wiki.shibboleth.net/confluence/display/IDP30/StoredIdConnector>
>>
>> <http://thread.gmane.org/gmane.comp.web.shibboleth.user/46825/focus=46856>
>> <http://article.gmane.org/gmane.comp.web.shibboleth.user/39696/>
>>
>> So when Shibboleth IDP removes the StoredIdConnector none of us will be
>> able to use your service.
>>
>> When are you going to use the
>> urn:oasis:names:tc:SAML:2.0:nameid-format:persistent NameID instead?
>>
>> BR,
>> - Simon
>>
>> ____________________________________
>>
>> Simon Lundström
>> Section for Infrastructure
>>
>> IT Services
>> Stockholm University
>> SE-106 91 Stockholm, Sweden
>>
>> www.su.se/english/staff-info/it



