Remap existing attribute at IdP for a particular SP?
Peter Schober
peter.schober at univie.ac.at
Thu Aug 23 10:34:49 EDT 2012
* Rob Ansaldo <rlansaldo at amherst.edu> [2012-08-23 15:22]:
> We have a commercial SP that insists that our IdP assert an
> eduPersonPrincipalName for each of our users and that this value be
> a unique identifier for each user that will not change over
> time. Our eppn is the user's netid, which can change over time (name
> changes, class year change, etc). Our employeeNumber attribute does
> not change over time and we would like to provide this attribute for
> eppn, but just for this one SP.
Usually you would create a new attribute definition in your IdP, pull
in employeeNumber as value and encode it as eduPersonPrincipalName on
the wire.
Then only release this new attribute to this specific SP, not your
original one with netid values.
-peter
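
The approach described in the reply above, sketched as configuration. This is an added example, not part of the original thread or anyone's production config. It assumes a Shibboleth IdP using v2-style attribute-resolver.xml and attribute-filter.xml; the definition ID, scope, data connector name and SP entityID are hypothetical placeholders.

```xml
<!-- Added example. Assumes Shibboleth IdP v2-style configuration files.
     The IDs, scope, connector name and SP entityID below are placeholders. -->

<!-- attribute-resolver.xml: new definition whose value comes from employeeNumber -->
<resolver:AttributeDefinition xsi:type="ad:Scoped" id="eppnFromEmployeeNumber"
                              scope="example.edu" sourceAttributeID="employeeNumber">
    <!-- "myLDAP" is assumed to be the data connector that returns employeeNumber -->
    <resolver:Dependency ref="myLDAP" />
    <!-- Encoded with the same wire names as the standard eduPersonPrincipalName -->
    <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString"
                               name="urn:mace:dir:attribute-def:eduPersonPrincipalName" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString"
                               name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                               friendlyName="eduPersonPrincipalName" />
</resolver:AttributeDefinition>

<!-- attribute-filter.xml: release the new definition to this one SP only -->
<afp:AttributeFilterPolicy id="releaseStableEppnToVendorSP">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
                               value="https://sp.vendor.example/shibboleth" />
    <afp:AttributeRule attributeID="eppnFromEmployeeNumber">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
```

Both definitions encode to the same wire name, so no other filter policy that matches this SP should release the netid-based eduPersonPrincipalName.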