IAM David Bantz dabantz at
Mon Aug 30 18:57:04 UTC 2021

 Yes, CircleIn.

Ironically, this is was the 3rd instance of a CircleIn relying party in my
IdP. The previous 2 use a hosting service and happily consume persistent
employeeNumber and/or eduPersonUniqueId (name-based UID is not guaranteed
persistent, so I always urge use of the ID# and/or ePUID).

This 3rd instance was relying on their newer in-house SAML Service. Before
we got too far into attribute consumption however, CircleIn abandoned
attempts to use their internal SAML service because they were unable to
provide a digitally signed request that my Shibboleth IdP would accept. So
we’re back to them relying on hosting service and consuming persistent
employeeNumber identifier.

On 30Aug, 2021 at 10:33:30, Leonard J. Peirce <leonard.peirce at>

> On 2021-08-23 3:11 p.m., Cantor, Scott wrote:
> On 8/23/21, 2:48 PM, "users on behalf of IAM David Bantz" <
> users-bounces at on behalf of dabantz at> wrote:
> > A newly licensed vended service Is requesting I release “sis_login_id”
> attribute. Is this more than a blinkered
> > “We’ll make it up as we go along” integration policy?
> This sounds familiar -- CircleIn?
> ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list