Attributes – how to exclude scope

Peter Schober peter.schober at
Sat Dec 15 15:08:55 EST 2018

* IAM David Bantz <dabantz at> [2018-12-14 23:00]:
> do not name it eduPersonUniqueId though because it will not be!

Exactly. So no, there is no way to send ePUID in a broken form legally.

Which amouts to you making up your own stuff and send that instead.

Also, ePUID is a thing of the past, IMHO, now that the OASIS SAML
SubjectID Attributes profile exists. But that too has scopes in it ;)
so the SP better get used to it as these will become the standard
identifier(s) for SAML if we have any success of improving upon the
status quo with half a dozen identifier attributes.


More information about the users mailing list