Configuring Shibboleth for Zoom

Donald Lohr lohrda at
Mon Aug 24 19:05:28 UTC 2020

Thanks, this has been very helpful.

Does anyone have a functioning Shibboleth IdP configuration via InCommon?

The reason I ask is that another school told us:

/Zoom is an InCommon member and we first attempted to configure with 
InCommon. However, we had some challenges with the way they signed 
assertions and logout. So, we decided we should do a manual 
configuration of SSO instead./

But I believe they've been a Zoom customer for a few years.


On 8/21/20 10:41 PM, Lohr, Donald A - lohrda wrote:
> Referring to this URL:
> <>
> states the following:
> First, configure your IdP to send us the following
>   * Any unique identifier linked to nameID such as
>     eduPersonTargetedID, persistentID, or mail
>   * (Optional) Accepted attributes are email
>     (urn:oid:0.9.2342.19200300.100.1.3), sn (urn:oid:,
>     and givenName (urn:oid:
> Our plan would be to configure Shibboleth to set the nameID for Zoom 
> to not be a user's email address. We want to use a better unique & 
> never changing attribute, the user's eduPersonUniqueId attribute 
> value. We will also send Zoom a user's mail, givenname and sn 
> attribute values.
> Is anyone's Shibboleth configuration for Zoom using something other 
> than email as the nameID value?  If so, have you encountered any issues 
> with nameID not set as a user's email value? Especially with SSO login, 
> the emailing of or accepting invitations or using the Canvas LTI Pro 
> component.
> -- 
> D o n a l d   L o h r
> I n f o r m a t i o n   S y s t e m s
> J a m e s   M a d i s o n   U n i v e r s i t y
> 5 4 0 . 5 6 8 . 3 7 3 0

D o n a l d   L o h r
I n f o r m a t i o n   S y s t e m s
J a m e s   M a d i s o n   U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0
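
One way to verify the release plan described in the quoted message (NameID carrying eduPersonUniqueId rather than mail, plus mail, givenName and sn) against a decoded assertion. This is an added example, not code from the original post or from Shibboleth or Zoom; the sample assertion, the function names and the eduPersonUniqueId shape check are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"  # mail OID from the quoted Zoom text
# Assumption (eduPerson spec): eduPersonUniqueId is <=64 alphanumerics, "@", scope.
SCOPED_ID = re.compile(r"[A-Za-z0-9]{1,64}@[A-Za-z0-9.-]+")

# Constructed sample; the sn/givenName Name values are placeholders because
# the page does not show those OIDs, so they are matched by FriendlyName.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>f3a9c21b77e04d58@example.edu</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3">
   <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute FriendlyName="givenName" Name="placeholder:givenName">
   <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute FriendlyName="sn" Name="placeholder:sn">
   <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def released_attributes(root):
    """Map both Name and FriendlyName of each Attribute to its non-empty values."""
    out = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        for key in (attr.get("Name"), attr.get("FriendlyName")):
            if key:
                out.setdefault(key, []).extend(values)
    return out

def check_release(xml_text):
    """Return a list of deviations from the release plan (empty list = OK)."""
    root = ET.fromstring(xml_text)
    attrs = released_attributes(root)
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip()
    mails = {m.lower() for m in attrs.get(MAIL_OID, [])}
    problems = []
    if not name_id:
        problems.append("NameID missing")
    elif name_id.lower() in mails:
        # eduPersonUniqueId also looks like an address, so compare values, not shape.
        problems.append("NameID equals mail")
    elif not SCOPED_ID.fullmatch(name_id):
        problems.append("NameID is not eduPersonUniqueId-shaped")
    if not mails:
        problems.append("mail missing")
    problems += [f"{n} missing" for n in ("givenName", "sn") if not attrs.get(n)]
    return problems
```

Feed it the assertion XML captured from a test login to the service provider; an empty list means the release matches the plan.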
