Attributes – how to exclude scope
Peter Schober
peter.schober at univie.ac.at
Sat Dec 15 15:08:55 EST 2018
* IAM David Bantz <dabantz at alaska.edu> [2018-12-14 23:00]:
> do not name it eduPersonUniqueId though because it will not be!
Exactly. So no, there is no way to send ePUID in a broken form legally.
Which amouts to you making up your own stuff and send that instead.
Also, ePUID is a thing of the past, IMHO, now that the OASIS SAML
SubjectID Attributes profile exists. But that too has scopes in it ;)
so the SP better get used to it as these will become the standard
identifier(s) for SAML if we have any success of improving upon the
status quo with half a dozen identifier attributes.
-peter
More information about the users
mailing list