eduPersonTargetedID - how is it constructed?
Rod Widdowson
rdw at steadingsoftware.com
Tue May 20 02:26:28 EDT 2014
> The reason I'm asking is that I've recently had a case of an IdP that
> moved from SimpleSAMLphp to Shib.
> It seems that SSP and Shib use a similar way to generate ePTID (they
> use a salt, entityid, and an attribute as input), but they're not
> exactly the same. This causes the IDs to be different, so all accounts
> break.
Just for information, is the SimplSAMLphp algorithm documented?
> Any ideas?
Nothing is going to be pretty.
Two solutions spring to mind, depending on where your comfort is:
- You could deploy the StoredID and prepopulate the database with the IDs
that SSP would generate.
- Or if you were brave you could code up the SSP algorithm as a scripted
attribute. You might
be able to persuade the IdP to consume php which would make porting easier.
> and those drinks are a good idea!
Have a Guinness for me!
More information about the users
mailing list