eduPersonTargetedID - how is it constructed?

Rod Widdowson rdw at
Tue May 20 05:16:33 EDT 2014

> I'm not sure I understand what you mean by prepopulating a database.
> Does Shib IdP keep a database with users?

There is a data connector which does this:

> Maybe Peter can do a "Shib For Dummies" while having drinks today.

> I'm thinking of patching SSP so that it accepts an optional
> configuration parameter to generate the same ePTID as Shib does.
> People migrating from Shib to SSP could then just flip this switch and
> everything would be good.

That would certainly be the most general solution.  If you are happy enough
with Spring to be writing a plugin it would not be difficult either - you'll
find that there is about 98% boiler plate and 2% code.

Specifically you would want to define a Data Connector (with associated XML

The User would then just configure the whole thing as usual:

    <resolver:DataConnector xsi:type="yournameSpace:SimpleSamlComputedId"
                            salt="your random string here">
        <resolver:Dependency ref="myLDAP" />

And the rest would be as usual.

Checkout the page for
places where you might want to start looking for examples - I'd start with
the MDRPI filter code since it will plug in exactly the same manner - but
that’s code I'm very familiar with.

If you need more details which you cannot get sorted this week face to face,
I suggest you take this to the shib-dev list since we are getting a bit
technical now.

More information about the users mailing list