RE: Attributes – how to exclude scope

Kurtz, Anna anna.kurtz at
Mon Dec 17 18:50:43 EST 2018

I am not sure why the SP cannot distinguish the scope separately as I agree there could be duplicates in ePUID with other IdPs. I think our best bet is to do a new attribute with no scope. Thank you all for the suggestions and responses!


From: users [mailto:users-bounces at] On Behalf Of IAM David Bantz
Sent: Friday, December 14, 2018 3:59 PM
To: Shib Users <users at>
Subject: Re: Attributes – how to exclude scope

Create/release a new attribute without scope (perhaps the underlying identifier you use to create ePUID);
do not name it eduPersonUniqueId though because it will not be!

David Bantz

On Fri, Dec 14, 2018 at 12:24 PM Kurtz, Anna <anna.kurtz at> wrote:
We have recently released the eduPersonUniqueID to an SP. We set the ePUID to be scoped in the attribute resolver. We are on IdP 3.2.1

The SP that requires the ePUID is seeing the value as [id value]@[scope] and they do not know how to deal with the scope. They just need the [id value]. The SP is not able to make any changes to ignore the scope.

Is there a way in the attribute resolver or filter on our end to change how the ePUID is sent to just that one SP? We want to try and exclude the scope for them.

Thank you!
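
The approach suggested in the thread (a separate unscoped attribute released only to the one SP), sketched as an added example that is not part of any poster's message or the project's shipped configuration. The attribute id `localUniqueId`, the source attribute `uid`, the connector id `myLDAP`, the `urn:example` name and the SP entityID are all assumed placeholders, and the element syntax is the IdP 3.2-era form, which should be checked against the deployed version.

```xml
<!-- attribute-resolver.xml fragment (IdP 3.2-era prefixed syntax).
     Assumed, not from the thread: id "localUniqueId", source attribute "uid",
     data connector "myLDAP", and the urn:example attribute name. -->
<resolver:AttributeDefinition xsi:type="ad:Simple"
                              id="localUniqueId"
                              sourceAttributeID="uid">
    <!-- Same underlying identifier that feeds ePUID, but with no scope appended -->
    <resolver:Dependency ref="myLDAP" />
    <!-- Deliberately NOT encoded under the eduPersonUniqueId name:
         an unscoped value does not meet that attribute's uniqueness promise -->
    <resolver:AttributeEncoder xsi:type="enc:SAML2String"
                               name="urn:example:attribute:localUniqueId"
                               friendlyName="localUniqueId" />
</resolver:AttributeDefinition>

<!-- attribute-filter.xml fragment: release the unscoped value to one SP only.
     The entityID below is a placeholder for the SP in question. -->
<AttributeFilterPolicy id="releaseLocalUniqueIdToOneSP">
    <PolicyRequirementRule xsi:type="Requester"
                           value="https://sp.example.org/shibboleth" />
    <AttributeRule attributeID="localUniqueId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
```

The existing scoped eduPersonUniqueId definition stays unchanged for every other SP. Because the new value is unique only within this IdP, an SP that accepts logins from more than one IdP has to key accounts on the issuer entityID together with the value.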
