Transforming remote user attribute at the SP.

Friedrich Clausen fred at derf.nl
Thu Jul 26 03:41:21 EDT 2012


> That isn't what it does. A scoped decoder's job is to capture both parts
> properly so that filtering by scope works. The serialized form is exactly
> that.

Thanks for the clarification.

> And you would NOT want to drop the scope. That won't be unique and that's
> a very bad idea. What is your use case? If it's not a federated
> application (so uniqueness isn't an issue), you could just use a
> different/custom attribute as an identifier.

The application stores the users as just the plain user name which is
why we want to have the remote user attribute only store the user name
without the scope. After reading your explanation above it appears
that a different attribute with just the user name appears the way to
go. The application will only be authenticating users from one source
so uniqueness is not a problem.

Thanks,

Fred.


More information about the users mailing list