Remap existing attribute at IdP for a particular SP?

Rob Ansaldo rlansaldo at amherst.edu
Thu Aug 23 11:48:00 EDT 2012


On Aug 23, 2012, at 10:34 AM, Peter Schober <peter.schober at univie.ac.at> wrote:

> * Rob Ansaldo <rlansaldo at amherst.edu> [2012-08-23 15:22]:
>> We have a commercial SP that insists that our IdP assert an
>> eduPersonPrincipalName for each of our users and that this value be
>> a unique identifier for each user that will not change over
>> time. Our eppn is the user's netid, which can change over time (name
>> changes, class year change, etc). Our employeeNumber attribute does
>> not change over time and we would like to provide this attribute for
>> eppn, but just for this one SP.
> 
> Usually you would create a new attribute definition in your IdP, pull
> in employeeNumber as value and encode it as eduPersonPrincipalName on
> the wire.
> Then only release this new attribute to this specific SP, not your
> original one with netid values.
> -peter
> --

Works perfectly! A little messy to have a "special" attribute for one SP, but I can live with it.

Thank you!
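Peter's suggestion, written out as Shibboleth IdP 2.x configuration fragments. This is an added example, not something posted in the thread: the attribute definition id "eppnForVendor", the data connector id "myLDAP", the scope "example.edu" and the SP entityID "https://sp.vendor.example/shibboleth" are placeholders, and the namespace prefixes (resolver, ad, enc, afp, basic) are the ones used in the stock attribute-resolver.xml and attribute-filter.xml shipped with IdP 2.x. eduPersonPrincipalName is a scoped attribute (user@scope), so the definition is an ad:Scoped one with a SAML2ScopedString encoder rather than a plain string; the OID 1.3.6.1.4.1.5923.1.1.1.6 is the registered eduPersonPrincipalName name.

```xml
<!-- attribute-resolver.xml: a second attribute that carries employeeNumber
     values but is encoded on the wire as eduPersonPrincipalName.
     "myLDAP" is assumed to be the existing LDAP data connector that already
     exposes employeeNumber; "example.edu" is a placeholder scope. -->
<resolver:AttributeDefinition id="eppnForVendor" xsi:type="ad:Scoped"
                              scope="example.edu"
                              sourceAttributeID="employeeNumber">
    <resolver:Dependency ref="myLDAP" />
    <!-- Same SAML2 name and friendlyName as the regular eduPersonPrincipalName
         definition, so the SP cannot tell it apart from the netid-based one. -->
    <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString"
                               name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                               friendlyName="eduPersonPrincipalName" />
</resolver:AttributeDefinition>

<!-- attribute-filter.xml: release the special attribute to this one SP only.
     The entityID below is a placeholder for the commercial SP's entityID. -->
<afp:AttributeFilterPolicy id="releaseEppnForVendor">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
                               value="https://sp.vendor.example/shibboleth" />
    <afp:AttributeRule attributeID="eppnForVendor">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
```

Two checks worth making when deploying this: the existing netid-based eduPersonPrincipalName attribute must not be released to the same SP by any other policy (for example a catch-all "release eppn to everyone" rule), since both definitions encode to the same SAML name and the SP would receive two differently valued copies; and if the vendor's policy is a basic:AttributeRequesterString match on the entityID, confirm the entityID in your metadata is the exact string the SP sends as Issuer, because a mismatch silently releases nothing rather than failing loudly.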



More information about the users mailing list