InC R&S IdP config breaks integration with R&S SP!
Cantor, Scott
cantor.2 at osu.edu
Mon Nov 24 16:15:21 EST 2014
On 11/24/14, 7:12 PM, "David Bantz" <dabantz at alaska.edu> wrote:
>
>mail is allowed to be multi-valued, but releasing a multi-valued
>attribute for mail prevents login, with a message that the IdP is not
>releasing the required attributes.
>
>I forgot that I had had to craft (resolve) a single-valued version of
>mail for FileSender and
>encode it with the mail OID.
>
>I could release this single-valued version of mail for all
>research-and-scholarship SPs,
>but am a little concerned this could create other issues down the road.

I don't think you will ever end up in a worse position by ending the
practice of exposing multiple values through the mail attribute. This is
one of those cases where you can stand on the definition and tell
everybody in the world to change, or accept that what people use the
attribute for is simply not consistent with sending more than one. It's
really up to you.

I tried to propose a different attribute for capturing "the single
institutional email address", and the feedback from at least some was that
it would add more confusion so I dropped it.

But in practice what apps want is an institutional email address that
ideally should be the same as EPPN, and you will have much less pain in
the long run just accepting that where possible. I know we have been much
happier for it.

>(FWIW, releasing both versions - that is two separate attribute clauses
>with mail attribute -
>also blocks FileSender login, even if both clauses have the same single
>value.)

I don't know what you mean by that exactly.

-- Scott
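
The following is an added example, not part of the original thread or of any project's code: a small check that flags the two release patterns the thread reports as blocking login, a multi-valued mail attribute and mail released through more than one attribute element. The function name and the sample statement are constructed for illustration, and the input is assumed to be an unencrypted SAML 2.0 AttributeStatement captured from a test login.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"  # OID-based name for mail

# Constructed sample: mail released by two clauses, one of them multi-valued.
SAMPLE = """<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
    <saml2:AttributeValue>jdoe@example.edu</saml2:AttributeValue>
    <saml2:AttributeValue>jane.doe@dept.example.edu</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
    <saml2:AttributeValue>jdoe@example.edu</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
    <saml2:AttributeValue>jdoe@example.edu</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def check_mail_release(statement_xml, name=MAIL_OID):
    """Return findings about how attribute `name` is released (hypothetical helper)."""
    # Use on captured test data only; ElementTree is not hardened against hostile XML.
    root = ET.fromstring(statement_xml)
    # iter() also matches when the statement is wrapped in an enclosing element.
    attrs = [a for a in root.iter(SAML + "Attribute") if a.get("Name") == name]
    findings = []
    if not attrs:
        findings.append("missing")
    if len(attrs) > 1:
        # Same attribute name emitted by separate clauses, even with equal values.
        findings.append("duplicate-attribute-elements:%d" % len(attrs))
    for a in attrs:
        values = [v.text or "" for v in a.findall(SAML + "AttributeValue")]
        if len(values) > 1:
            findings.append("multi-valued:%d" % len(values))
    return findings


if __name__ == "__main__":
    print(check_mail_release(SAMPLE))
```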