Blackboard Transact and IdP 3
IAM David Bantz
dabantz at alaska.edu
Tue May 24 15:48:04 EDT 2016
You must be right Scott; looking at old notes I see we thought we had this
working, but eventually let them solicit users' credentials and use AD
directly. No worries, it's only for financial transactions %-(
David
On Tue, May 24, 2016 at 11:39 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > There's no support by default to query on anything but transients.
> >
> > which is what the Transact SP receives in the first SAML response, and
> then
> > uses in the attribute query; the transient nameid happens to be
> > orthographically equivalent to unencrypted ePPN, but encoded as a
> transient
> > name ID and included the SAML authN response as such
>
> That wouldn't work, that's what I'm saying. The PrincipalConnector that is
> there by default only handles a transient NameID that can be reversed by
> mapping in memory back to the real user. A real EPPN would just be seen as
> an unmappable ID.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160524/c278882c/attachment.html>
More information about the users
mailing list