IdPv3 and generating persistent NameID

Sara Hopkins sara.hopkins at ed.ac.uk
Fri May 1 12:55:35 EDT 2015


On 01/05/2015 17:04, Cantor, Scott wrote:

> The point being that because that's actually a feature difference as
> opposed to "it works the same but is configured differently",
> actually removing those deprecated AttributeEncoders will be a longer
> conversation, not something we do on a whim. But they're still
> deprecated. By which I mean, their use shouldn't be encouraged in any
> default material, and any existing use should be looked at as a thing
> to remediate.

Hence my investigations.

>> eduPersonTargetedID/urn:oid:1.3.6.1.4.1.5923.1.1.1.10 is a core UK
>> federation attribute,
>
> It's not meant to be an attribute though except in SAML 1, which
> ought to be fading out of use anyway.

OK. Unfortunately no one told me that six years ago. Nor in the 
intervening years until now, for that matter.

> For use as a NameID, you use the new generators, which work exactly
> the same way. To support it as an Attribute, you have to use the
> deprecated feature.

OK, many thanks.

Sara
-- 
Sara Hopkins
Support Team
UK Access Management Federation for Education and Research
web:    http://www.ukfederation.org.uk/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.


More information about the users mailing list