Calculate ComputedId value outside of shibboleth idp

Paul B. Henson henson at cpp.edu
Thu Jan 21 23:10:12 EST 2016


On Thu, Jan 21, 2016 at 07:02:45PM +0000, Cantor, Scott wrote:

> I can point you to the right class, if necessary.

Thanks for the offer, but once I resigned myself to digging through the
code it was pretty easy to find it in the java-shib-common repo in the
ComputedIDDataConnector.java file.

> There's no way I know of to do it unless somebody built a tool, but if
> you want to file a RFE to add an admin interface to do that, that
> seems useful.

Turns out it was pretty trivial after all. The documentation says it's
computed from the sha1 hash of the requestors entityid, the supplied
attribute, and the salt, but it neglected to mentioned those three
values were gratuitiously separated with a ! when calculating the hash
8-/. The following perl one-liner will generate a computedID equivilent
to the idp data connector:

perl -e 'use Digest::SHA qw(sha1_base64); $digest = sha1_base64("entity_id!attribute!salt"); $eqn = length($digest) % 4; print $digest; print "=" x (4-$eqn) . "\n"'

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  henson at cpp.edu
California State Polytechnic University  |  Pomona CA 91768


More information about the users mailing list