Question on Shibboleth V3 ( Migration from older Shibboleth?

s chang shirleyc2003 at
Fri Nov 13 18:02:14 UTC 2020

 We were using old Shibboleth build, the existing oid mapping is not work after upgrade to V3. Upgrade to V4 is not an option for us for now.Yes, this is trying ADFS SAML 2 SP with Shibboleth V3 IdP. 
    On Friday, November 13, 2020, 09:28:57 AM PST, Peter Schober <peter.schober at> wrote:  
 Is there a relation between the Subject line of your post and the
content of your post? Something about upgrading a Shibboleth IDP?
Possibly to version 4?

More comments/questions below.

* s chang via users <users at> [2020-11-13 18:13]:
> We are trying to deploy Shibboleth V3 ( with ADFS 3.0.

Do you mean you're trying to use ADFS as a SAML 2.0 SP with your
Shibboleth v3 IDP?

> Set up "Edit claim rules for Claim provider trust" failed.

Should that mean anything to us? That's not something from the
Shibboleth documentation, is it?

> On Custom Rule, we tried below rule. But OID and name  seems outdated

Outdated how?
How did you come to the conclusion that an OID or name was "outdated"?

> Does anyone know what is the latest Shibboleth’s OID to map to
> ADFS’s claim type “Name” and “UPN” below?
> c:[Type == "urn:oid:", Value=~
> "^.+ at$"]=> issue(Type =
> "",Issuer
> = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value =
> c.Value,ValueType = c.ValueType);

I don't understand the question. Shibboleth has no OIDs of its own,
the software can be configured to use whatever formal attribute names
you want to use/support.

I don't speak "ADSF claims" myself so I cannot tell what the above
does or means or how that's related to the eduPersonPrincipalName
attribute (defined in the eduPerson-specification) whose OID you have
included above.

Best regards,
For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list