multiple entity ID in shibboleth IdP

Etienne Dysli Metref etienne.dysli-metref at
Thu Nov 11 14:53:46 UTC 2021

On 10.11.21 08:01, Noriyuki TAKEI wrote:
> Can I have multiple entity ID in one same shibboleth IdP? For 
> example, I'd like to have 2 entity ID 
> ( , 
> in one IdP.

If you hack it enough, yes. ;) See my presentation on this topic at
TNC19 [1,2].

> SWITCH edu-ID: How to spoof Identity Providers
> In this presentation, we present new developments of the SWITCH
> edu-ID service during the last two years. As presented earlier, the
> key aspect of edu-ID is to tie the identity, i.e. the account and
> it's associated information, to the person using it instead of to the
> organisation providing it. Thus the identity can span multiple
> relationships with academic institutions, the latter only adding (and
> later removing) attributes to the account that describe the person's
> affiliation with the institution. Hence, edu-ID introduces a more
> comprehensive long-term identity schema with personal attributes
> provided by users themselves and affiliation attributes provided by
> organisations. These "attribute sets" have varying sources and
> degrees of quality. How can they be managed, kept up to date, deleted
> and transmitted to services that use them? These are the challenges
> our developments address, with a strong penchant for backward
> compatibility and minimisation of changes for existing services.


[1] sessions "10B Trust and
Security for Students"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the users mailing list