edugain-discuss - Re: [eduGAIN-discuss] eduPersonTargetedID deprecated form

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] eduPersonTargetedID deprecated form
  • Date: Wed, 16 May 2018 11:21:16 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

* Dubravko Voncina <dubravko.voncina AT srce.hr> [2018-05-16 11:09]:
> I don't know about Shibboleth SP attribute mapping, but as far as
> SimpleSAMLphp IdP is concerned, you should be able to set persistent
> NameID only for certain Service Providers.
>
> Specifically, for the eduroam CAT service you should find the entry that
> starts with:
>
>
> $metadata['https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp']
> = array ( ...
>
> in your ../metadata/saml20-sp-remote.php configuration file and add the
> following parameters to that entry (it's just an example that has to
> be adapted depending on your authentication source):

How do you update that SP's metadata then, without losing your local
configuration changes?
I guess you could provide an extra metadata source directory and find
out where to put local copies so that your local copy prevails over
metarefresh'ed metadata? But then you "own" the management of the
whole entity, meaning you'd have to monitor and merge upstream changes
into your local "fork" of that entity's metadata.

So unless SimpleSAMLphp provides another mechanism to override this
(or a more "lightweight override" that keeps everything not overridden
the same) I don't think that's a workable model?

-peter
