Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] eduPersonTargetedID depricated form

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] eduPersonTargetedID depricated form


Chronological Thread 
  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] eduPersonTargetedID depricated form
  • Date: Wed, 16 May 2018 11:21:16 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

* Dubravko Voncina <dubravko.voncina AT srce.hr> [2018-05-16 11:09]:
> I don't know about Shibboleth SP attribute mapping, but as far as
> SimpleSAMLphp IdP is concerned, you should be able to set persistent
> NameID only for certain Service Providers.
>
> Specifically, for eduroam CAT service you should find entry that starts
> with:
>
>
> $metadata['https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp']
> = array ( ...
>
> in your ../metadata/saml20-sp-remote.php configuration file and add
> following parameters to that enry (it's just an example that has to
> be adapted depending on your authentication source):

How do you update that SP's metadata then, without losing your local
configuration changes?
I guess you could provide an extra metadata source directory and find
out where to put local copies so that your local copy prevails over
metarefresh'ed metadata? But then you "own" the management of the
whole entity, meaning you'd have to monitor and merge upstream changes
into your local "fork" of that entity's metadata.

So unless SimpleSAMLphp provides another mechanism to override this
(or a more "lightweight override" that keeps everything not overridden
the same) I don't think that's a workable model?

-peter



Archive powered by MHonArc 2.6.19.

Top of Page