Blackboard Transact and IdP 3

IAM David Bantz dabantz at
Tue May 24 15:48:04 EDT 2016

You must be right Scott; looking at old notes I see we thought we had this
working, but eventually let them solicit users' credentials and use AD
directly. No worries, it's only for financial transactions %-(


On Tue, May 24, 2016 at 11:39 AM, Cantor, Scott <cantor.2 at> wrote:

> >       There's no support by default to query on anything but transients.
> >
> > which is what the Transact SP receives in the first SAML response, and
> then
> > uses in the attribute query; the transient nameid happens to be
> > orthographically equivalent to unencrypted ePPN, but encoded as a
> transient
> > name ID and included the SAML authN response as such
> That wouldn't work, that's what I'm saying. The PrincipalConnector that is
> there by default only handles a transient NameID that can be reversed by
> mapping in memory back to the real user. A real EPPN would just be seen as
> an unmappable ID.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list