Uncertainty about scopes in metadata and it's relation to scoped attributes.
bmathis at pima.edu
Wed Jul 3 13:44:55 EDT 2019
First off, thank you for your time in reading this for any patience you
can have with my lack of understanding how metadata works or is used.
We have a helpdesk/ticket tracking system that we are using. We are the
idp and they are the SP and they/we are using InCommon in this case for our
We are sending the eduPersonPrincipalName along with a few other basic
attributes at login.... though I'm pretty sure the eduPersonPrincipalName
is what is being
used to actually login/authorize access.
Currently all our College staff are able to login and use the system. For
example my eduPersonPrincipalName value is e.g. bmathis at pima.edu this
We now have some who want to add students to the system. When they attempt
login they are denied access (actually it looks like it goes into a loop).
The student eduPersonPrincipalName value is using a subdomain like this
student1 at mail.pima.edu.
We have asked the vendor to allow users that have eduPersonPrincipalName
value of username at mail.pima.edu to be valid users of the system.
Their response was that we would need to change our metadata with inCommon
to allow the new scope... I assume they mean add mail.pima.edu to the scope
I do see we have a scope in our metadata for pima.edu .... which is
correct. Due to my ignorance I'm not certain if what they are asking is
valid .... I have read some of the
Incommon documentation about it ... at
but I'm still processing it. It appears I can add another scope but it
will most certain generate manaul vetting if I do.
I guess I just want to make sure..... is this really needed to resolve our
We are sending them the correct value for the user in the
eduPersonPrincipalName I'm not understanding why our metadata needs the
scope added... why can't they userthe
eduPersonPrincipalName we send them.
I figure they really know what they are talking about or .. they might be
as uneducated about it as I am :-)
Thanks for any feedback you have.
IT Principal Systems Analyst
Infrastructure Services - Applications
Pima Community College
bmathis at pima.edu
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users