Tracing edupersontargetedid to usernames

[Cantor, Scott]

On 5/23/14, 10:44 AM, "Morris, Andi" <amorris at cardiffmet.ac.uk> wrote:

>I¹ve received a request to trace a username that accessed a resource
>authenticated by our Shibboleth IDP, and the user ID given by the remote
>supplier is (as expected) the eduPersonTargetedID. Is there any way I can
>trace that value to
> an internal user here? I can¹t seem to find anything in the shibboleth
>logs.

There isn't anything, but you can get the assertion ID from the SP and
then track back with that.

Using hashing as a strategy presupposes to some degree you don't have this
use case. That was one of the reasons we pushed the database approach, and
eventually after it was clear that wasn't going to result in anybody using
a database, we just decided to stop arguing over it because the number of
cases where people needed this was rare.

-- Scott