Blackboard Transact and IdP 3

Peter Schober peter.schober at
Tue May 24 14:11:37 EDT 2016

* IAM David Bantz <dabantz at> [2016-05-24 19:28]:
> <!-- Bb Transact require something like ePPN in the SAML Subject -->

What format are you sending, then? The SAML1.1 email constant?
Or is it known they don't even check the format?

And they're making attribute queries then, based on that NameID value
from the subject? I.e., you'd have to be able to resolve the
subject/principal based on an incoming ePPN value?
(In v2 speak: have a PrincipalConnector that can resolve ePPNs)?

Personally I sure hope that's all not in fact the case. Ignoring
POST'ed attributes, insisting on queries, and then not accepting
transient NameIDs perfectly suitable for queries sounds like a very
weird combination, even for "vendor" SAML integrations.

> <!-- Bb Transact requires its own unique FriendlyNames so add
> definitions and encoders with those FriendlyNames -->

There were lots of BblastName, BbgivenName, BbuserName,
etc. attributes released, as per the OP's audit log.

More information about the users mailing list