Question on Shibboleth V3 ( Migration from older Shibboleth?

Peter Schober peter.schober at
Fri Nov 13 17:28:40 UTC 2020

Is there a relation between the Subject line of your post and the
content of your post? Something about upgrading a Shibboleth IDP?
Possibly to version 4?

More comments/questions below.

* s chang via users <users at> [2020-11-13 18:13]:
> We are trying to deploy Shibboleth V3 ( with ADFS 3.0.

Do you mean you're trying to use ADFS as a SAML 2.0 SP with your
Shibboleth v3 IDP?

> Set up "Edit claim rules for Claim provider trust" failed.

Should that mean anything to us? That's not something from the
Shibboleth documentation, is it?

> On Custom Rule, we tried below rule. But OID and name  seems outdated

Outdated how?
How did you come to the conclusion that an OID or name was "outdated"?

> Does anyone know what is the latest Shibboleth’s OID to map to
> ADFS’s claim type “Name” and “UPN” below?
> c:[Type == "urn:oid:", Value=~
> "^.+ at$"]=> issue(Type =
> "",Issuer
> = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value =
> c.Value,ValueType = c.ValueType);

I don't understand the question. Shibboleth has no OIDs of its own,
the software can be configured to use whatever formal attribute names
you want to use/support.

I don't speak "ADSF claims" myself so I cannot tell what the above
does or means or how that's related to the eduPersonPrincipalName
attribute (defined in the eduPerson-specification) whose OID you have
included above.

Best regards,

More information about the users mailing list