targeted-id question

Mike Flynn shibbolethlynda at
Mon Feb 18 12:52:27 EST 2013

I have a school in the UK that wants to use targeted-id as a unique ID for user access.

I have this in my config:

    <!-- A persistent id attribute that supports personalized anonymous access. -->
    <!-- First, the deprecated version, decoded as a scoped string: -->
    <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
        <!-- <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/> -->
    </Attribute>

    <!-- Second, an alternate decoder that will turn the deprecated form into the newer form. -->
    <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/>
    </Attribute>

    <!-- Third, the new version (note the OID-style name): -->
    <Attribute name="urn:oid:" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/>
    </Attribute>

    <!-- Fourth, the SAML 2.0 NameID Format: -->
    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/>
    </Attribute>

Once I have a session with them, I see this:

    Miscellaneous
    Client Address:
    Identity Provider:
    SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
    Authentication Time: 2013-02-18T17:39:59Z
    Authentication Context Class: (none)
    Authentication Context Decl: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    Session Expiration (barring inactivity): 479 minute(s)

    Attributes
    affiliation: member at
    targeted-id:

So on my protected resource I then expect to see http_targeted-id in the request headers, but it is not there.
I have asked them to switch to persistent-id for this, but apparently they have some challenge with that...
(stupid Ymail formatting...)