eduPersonScopedAffiliation not mapping correctly

Scott Klawitter sklawitter at ebsco.com
Thu Nov 3 21:10:14 GMT 2011


>> I'm simply asking as the author what it is about the specification
>> you read that makes it impossible for you to answer this question. It
>> essentially means the profile serves no purpose. That bothers me a great
>> deal.

The log file shows different approaches per Identity Provider. This
could be due to IdP versions, or user IdP configurations. I knew that
you edited the document, and was hoping that you would respond with an
example that I could relay to the Identity Provider.

>> It's very dissimilar, being not scoped, and an exception case that
>> has a value syntax that is entirely different.

I did not realize that the AttributeValue element could be omitted.

>> If you want something that's exactly the same, it's
>> eduPersonPrincipalName.

So here are some examples of formatting the eduPersonScopedAffiliation
that I have come up with. This is to see if I am understanding the
document correctly.

SAML 2.0 Example:
-----------------------
<saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" 
		FriendlyName="eduPersonScopedAffiliation">
	<saml2:AttributeValue xsi:type="xsd:string">cantor.2@osu.edu</saml2:AttributeValue>
</saml2:Attribute>

<saml2:NameIdentifier Format="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">cantor.2@osu.edu</saml2:NameIdentifier>

<saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" 
		FriendlyName="eduPersonScopedAffiliation">
	<saml2:AttributeValue Scope="osu.edu">cantor.2</saml2:AttributeValue>
</saml2:Attribute>

SAML 1.0 Examples:
-----------------------
<saml:Attribute AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"
		AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation ">
	<saml:AttributeValue Scope="osu.edu">cantor.2</saml:AttributeValue>
</saml:Attribute>

<saml:Attribute
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"
		AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
	<saml:AttributeValue xsi:type="xsd:string">cantor.2@osu.edu</saml:AttributeValue>
</saml:Attribute>

<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims"
		AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
	<saml:AttributeValue xsi:type="xsd:string">cantor.2@osu.edu</saml:AttributeValue>
</saml:Attribute>

<saml:NameIdentifier Format="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">cantor.2@osu.edu</saml:NameIdentifier>



Scott Klawitter
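
An added example, not part of the original message and not code from Shibboleth or any IdP: a Python routine a service provider could use to read eduPersonScopedAffiliation from either encoding that appears in the examples above (scope inline as `value@scope`, or scope in a `Scope` XML attribute) and normalise both to `(value, scope)` pairs. The function name, the `allowed_scopes` parameter, the `<Assertions>` wrapper and the sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names as they appear in the examples above.
NAMES = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
         "urn:mace:dir:attribute-def:eduPersonScopedAffiliation"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]   # drop ElementTree's '{namespace}' prefix

def scoped_affiliations(xml_text, allowed_scopes):
    """Return (accepted, rejected) lists of (value, scope) pairs.
    Assumes the assertion signature was already verified by the SAML stack;
    for untrusted XML use a hardened parser (e.g. defusedxml) instead of ET.
    """
    accepted, rejected = [], []
    for attr in ET.fromstring(xml_text).iter():
        name = attr.get("Name") or attr.get("AttributeName")
        if _local(attr.tag) != "Attribute" or name not in NAMES:
            continue
        for av in attr:
            if _local(av.tag) != "AttributeValue":
                continue
            text = (av.text or "").strip()
            scope = av.get("Scope")          # scope carried as an XML attribute
            if scope is None:                # scope carried inline as value@scope
                value, sep, scope = text.rpartition("@")
                if not sep:                  # no '@' at all: unscoped value
                    value, scope = text, ""
            else:
                value = text
            ok = bool(value) and scope in allowed_scopes
            (accepted if ok else rejected).append((value, scope))
    return accepted, rejected

# Constructed sample; the <Assertions> wrapper and all values are made up.
SAMPLE = """<Assertions xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
  <saml2:AttributeValue xsi:type="xsd:string">member@example.edu</saml2:AttributeValue>
 </saml2:Attribute>
 <saml:Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
  <saml:AttributeValue Scope="example.edu">staff</saml:AttributeValue>
  <saml:AttributeValue Scope="other.example">staff</saml:AttributeValue>
 </saml:Attribute>
</Assertions>"""

if __name__ == "__main__":
    print(scoped_affiliations(SAMPLE, {"example.edu"}))
```

Pairs in the rejected list either carry a scope outside `allowed_scopes` or have no scope at all, so they can be logged per IdP rather than silently mapped.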

