An open discussion list for topics related to the eduGAIN interfederation service.

[Dubravko Voncina <dubravko.voncina AT srce.hr>]

> On 16 May 2018, at 11:21, Peter Schober <peter.schober AT univie.ac.at> wrote:
> 
> * Dubravko Voncina <dubravko.voncina AT srce.hr> [2018-05-16 11:09]:
>> I don't know about Shibboleth SP attribute mapping, but as far as
>> SimpleSAMLphp IdP is concerned, you should be able to set persistent
>> NameID only for certain Service Providers.
>> 
>> Specifically, for eduroam CAT service you should find entry that starts 
>> with:
>> 
>>  
>> $metadata['https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp']
>>  = array ( ...
>> 
>> in your ../metadata/saml20-sp-remote.php configuration file and add
>> following parameters to that enry (it's just an example that has to
>> be adapted depending on your authentication source):
> 
> How do you update that SP's metadata then, without losing your local
> configuration changes?
> I guess you could provide an extra metadata source directory and find
> out where to put local copies so that your local copy prevails over
> metarefresh'ed metadata?  But then you "own" the management of the
> whole entity, meaning you'd have to monitor and merge upstream changes
> into your local "fork" of that entity's metadata.

Hello Peter,

If I understand your comment correctly, that's exactly what we're doing.
First, SimpleSAMLphp automatically generates saml20-sp-remote.php 
configuration file based on data stored in eduGAIN MDS. After that, we run 
saml20-sp-remote.php file through a custom made script which modifies some SP 
entries according to our needs.
Users don't care if we perform some additional tweaking, they just want 
things to work.

Regards,

Dubravko Voncina
Middleware and Data Services Department
University of Zagreb, University Computing Centre, www.srce.unizg.hr
dubravko.voncina AT srce.hr, tel: +385 98 219273, fax: +385 1 6165559