sp services limit

jacob at collegenet.com jacob at collegenet.com
Mon Apr 11 12:19:14 EDT 2016

Hi Scott,

On 04/11/2016 at 06:35 AM, Scott Cantor wrote:
> It's just bad form in general. All those sites are undoubtedly *not* one service.

This is an interesting statement to me, because it means I probably have 
something significant still to learn about Shibboleth.  Suppose you have 
one application with a few hundred customers and each sends different 
attributes.  One might release uid for authorization and another might 
send uid to everybody but prefer ePPN for authorization.  A third might 
be unable to get their house in order and only be able to send something 
named mysillyattributename.  Once you go down the road to this extent, it 
is much simpler administratively to have a separate attribute map for 
each customer.  (Besides which it allows the SP to avoid the need for 
discovery.)  Are you saying it is bad form to create a separate 
application ID for each of these integrations?  Is there a better way to 
accomplish this?



Jacob Lundberg
Director, IT Architecture
jacob at collegenet.com
503.290.0100 (voice)
503.973.5252 (fax)
503.901.8343 (cell)

More information about the users mailing list