eduPersonTargetedID - how is it constructed?

Rod Widdowson rdw at
Tue May 20 02:26:28 EDT 2014

> The reason I'm asking is that I've recently had a case of an IdP that
> moved from SimpleSAMLphp to Shib.
> It seems that SSP and Shib use a similar way to generate ePTID (they
> use a salt, entityid, and an attribute as input), but they're not
> exactly the same. This causes the IDs to be different, so all accounts
> break.

Just for information, is the SimplSAMLphp algorithm documented?

> Any ideas?

Nothing is going to be pretty.  
Two solutions spring to mind, depending on where your comfort is:

- You could deploy the StoredID and prepopulate the database with the IDs
that SSP would generate.
- Or if you were brave you could code up the SSP algorithm as a scripted
attribute.  You might 
be able to persuade the IdP to consume php which would make porting easier.

> and those drinks are a good idea!

Have a Guinness for me!

More information about the users mailing list