edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Pavel Šipoš <pavel.sipos AT arnes.si>
- To: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
- Subject: [eduGAIN-discuss] eduPersonTargetedID depricated form
- Date: Wed, 16 May 2018 10:31:44 +0200
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=arnes.si
Hi!
I hope you can help me with eduPersonTargetedID attribute any I am sorry if this was already answered many times.
After Eduroam CAT admin portal updated their SP with simplesaml 1.15.xx, we have problems with releasing attribute eduPersonTargetedID in a correct form. Eduroam CAT expects urn:oid:1.3.6.1.4.1.5923.1.1.1.10 to be in XML form. For example:
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NameQualifier="https://idp.aai.arnes.si/idp/20090116";
SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp";>629d9939123cddb4444372sssba2c6e8a6fb0963</saml:NameID>
</saml:AttributeValue>
</saml:Attribute>
Currently our IdP sends deprecated string form:
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>629d9939123cddb4444372sssba2c6e8a6fb0963</saml:AttributeValue>
</saml:Attribute>
I know I can change that in SSPHP by changing nameId to TRUE in the config file:
'authproc' => array(
22 => array(
'class' => 'core:TargetedID',
'nameId' => TRUE,
),
),
The problem is that most of SP in our ArnesAAI federation expect deprecated form of eptid. Is it somehow possible to make exceptions to know which form to serve based on SP entityId? What is best way to handle these cases?
Do you have any suggestions how to redefine attribute-map at Shibboleth SP to map received saml:NameID value as eduPersonTargetedID?
Has anyone run into the same problem?
--
Pavel Sipos, Arnes <pavel.sipos AT arnes.si>
ARNES, p.p. 7, SI-1001 Ljubljana, Slovenia
T: +386 1 479 88 00
W: www.arnes.si, aai.arnes.si
Attachment:
smime.p7s
Description: Kriptografski podpis S/MIME
- [eduGAIN-discuss] eduPersonTargetedID depricated form, Pavel Šipoš, 05/16/2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Dubravko Voncina, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Peter Schober, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Dubravko Voncina, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Dick Visser, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Peter Schober, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Dubravko Voncina, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Pavel Šipoš, 17-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Dick Visser, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Dubravko Voncina, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Peter Schober, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Peter Schober, 16-May-2018
- Re: [eduGAIN-discuss] eduPersonTargetedID depricated form, Dubravko Voncina, 16-May-2018
Archive powered by MHonArc 2.6.19.