IdPv3 and generating persistent NameID
sara.hopkins at ed.ac.uk
Fri May 1 12:55:35 EDT 2015
On 01/05/2015 17:04, Cantor, Scott wrote:
> The point being that because that's actually a feature difference as
> opposed to "it works the same but is configured differently",
> actually removing those deprecated AttributeEncoders will be a longer
> conversation, not something we do on a whim. But they're still
> deprecated. By which I mean, their use shouldn't be encouraged in any
> default material, and any existing use should be looked at as a thing
> to remediate.
Hence my investigations.
>> eduPersonTargetedID/urn:oid:220.127.116.11.4.1.5918.104.22.168.10 is a core UK
>> federation attribute,
> It's not meant to be an attribute though except in SAML 1, which
> ought to be fading out of use anyway.
OK. Unfortunately no one told me that six years ago. Nor in the
intervening years until now, for that matter.
> For use as a NameID, you use the new generators, which work exactly
> the same way. To support it as an Attribute, you have to use the
> deprecated feature.
OK, many thanks.
UK Access Management Federation for Education and Research
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the users