Tracing edupersontargetedid to usernames

Morris, Andi amorris at
Sat May 24 08:00:21 EDT 2014

Would the assertion ID be found in the process.log and then in turn leading to the user ID or would that be somewhere else?

From: users-bounces at [users-bounces at] on behalf of Cantor, Scott [cantor.2 at]
Sent: 23 May 2014 16:03
To: Shib Users
Subject: Re: Tracing edupersontargetedid to usernames

On 5/23/14, 10:44 AM, "Morris, Andi" <amorris at> wrote:

>I¹ve received a request to trace a username that accessed a resource
>authenticated by our Shibboleth IDP, and the user ID given by the remote
>supplier is (as expected) the eduPersonTargetedID. Is there any way I can
>trace that value to
> an internal user here? I can¹t seem to find anything in the shibboleth

There isn't anything, but you can get the assertion ID from the SP and
then track back with that.

Using hashing as a strategy presupposes to some degree you don't have this
use case. That was one of the reasons we pushed the database approach, and
eventually after it was clear that wasn't going to result in anybody using
a database, we just decided to stop arguing over it because the number of
cases where people needed this was rare.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list