Tracing edupersontargetedid to usernames

Cantor, Scott cantor.2 at
Fri May 23 11:03:24 EDT 2014

On 5/23/14, 10:44 AM, "Morris, Andi" <amorris at> wrote:

>I¹ve received a request to trace a username that accessed a resource
>authenticated by our Shibboleth IDP, and the user ID given by the remote
>supplier is (as expected) the eduPersonTargetedID. Is there any way I can
>trace that value to
> an internal user here? I can¹t seem to find anything in the shibboleth

There isn't anything, but you can get the assertion ID from the SP and
then track back with that.

Using hashing as a strategy presupposes to some degree you don't have this
use case. That was one of the reasons we pushed the database approach, and
eventually after it was clear that wasn't going to result in anybody using
a database, we just decided to stop arguing over it because the number of
cases where people needed this was rare.

-- Scott

More information about the users mailing list