[EXT] eduPersonTargetedID
Robert Lamothe
robert_lamothe at yahoo.com
Tue May 7 12:28:19 EDT 2019
In my config it's commented out:
#idp.persistentId.sourceAttribute = changethistosomethingreal
What is the default of this?
Regards-Bob
--
Bob Lamothe
robert_lamothe at yahoo.com
KB1BOB
603-918-6336
On Tuesday, May 7, 2019, 12:13:59 PM EDT, Yeargan, Yancey <Yancey.Yeargan at untsystem.edu> wrote:
Take a look at the conf/saml-nameid.properties file, specifically the property "idp.persistentId.sourceAttribute". If that AD attribute changes as a result of a password change, then the value of eduPersonTargetedID will also change.
--Yancey YearganUniversity of North Texas System
On May 7, 2019, at 10:56 AM, Robert Lamothe <robert_lamothe at yahoo.com> wrote:
Howdy,
For a few months I've had an SP complaining that they need to reset the accounts of our users on a periodic basis. We've been monitoring this for some time and have identified that after one of our users is forced to change their AD password their account requires a reset.
We've further identified that when a user changes their AD password it changes their eduPersonTargetedID value. By resetting the account they clear the value set in eduPersonTargetedID and allows a new one to be set.
When I read up on this attribute I find that it's made up of a triple tuple, one of which is generated. It's also supposed to be persistent but it's persistence doesn't have to be lifetime.
Can anyone help me understand why this attribute might change after an AD password change?
Thanks-Bob
--
Bob Lamothe
robert_lamothe at yahoo.com
KB1BOB
603-918-6336
--
For Consortium Member technical support, see https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAg&data=02%7C01%7CYancey.Yeargan%40untsystem.edu%7Cdad55e69bed342d399d608d6d3048bbd%7C70de199207c6480fa318a1afcba03983%7C0%7C0%7C636928413808439771&sdata=mi8rzW4b3cxphulQ%2FNyFyctb75yxMW98fIsCmHD63oM%3D&reserved=0
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190507/f52ce817/attachment.html>
More information about the users
mailing list