IdP 3.3.1 to 3.4.6 -- transientID difference?

[Cantor, Scott]

> Full disclosure:  the 3.4.6 I'm using is a new install.

Please stop doing that. You will continue to waste your time and have nothing but pain. Eventually you'll decide that upgrading is too hard, but it isn't, not when you simply apply the upgrade. We spend dozens of hours making it work.

I don't understand what is causing this, but it will get worse with every new patch.

> Looking at the audit log entries for the SP for 3.3.1 and
> 3.4.6 I see small differences namely, 1) the transientID in the NameID being
> generated is different, and 2) the last field in 3.4.6 is "true" where in 3.3.1 is is
> blank.

There is one more field, but that's a bug; I accidentally checked in a change I didn't intend, and included a new field. The default format is, in any event, really worthless, but it was intended to be consistent in every release until 4.0 but only for new installs. Upgrades should never see a change to that format, and you wouldn't have. That would be a horrible thing to change when downstream consumers are factored in.

> I guess my question is:  should transientID be different between
> 3.3.1 and 3.4.6?

No, but I think your configuration was not 3.3.1, it was upgraded (properly) from something older, and yes, the default generator was changed for *new installs only* at some point, to eliminate state. I don't know when it changed but it's probably in the release notes log.

Any SP breaking as a result of that changing is broken, but the real problem was upgrading improperly or it wouldn't have happened.
 
-- Scott