Cunfigure eduPersonTargetedID shibboleth Idp windows 3.4

Aisha Al Fudhaili aisha at
Wed Sep 22 11:39:59 UTC 2021

Dear Peter,

Thank you for support. I made the changes but still I got errors. I'm not fully understand how to configure data connector.  Could you please show me example. Please see what I did

<AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
        <InputDataConnector ref="computed" attributeNames="computedId"/>
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:pairwise-id" friendlyName="pairwise-id" encodeType="false" />


    <!-- ========================================== -->
    <!--      Data Connectors                       -->
    <!-- ========================================== -->

    <DataConnector id="staticAttributes" xsi:type="Static">
        <Attribute id="affiliation">

 <DataConnector id="myLDAP" xsi:type="LDAPDirectory"

<DataConnector id="computed" xsi:type="ComputedId"
        <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />

In ldap.poropaties

idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:CN=Users, DC=idp, DC=omren, DC=om}

In log file:

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myLDAP': Invocation of init method failed; nested exception is java.lang.NullPointerException


-----Original Message-----
From: Peter Schober <peter.schober at> 
Sent: Wednesday, September 22, 2021 1:24 PM
To: Aisha Al Fudhaili <aisha at>
Cc: Shib Users <users at>
Subject: Re: Cunfigure eduPersonTargetedID shibboleth Idp windows 3.4

* Aisha Al Fudhaili <aisha at> [2021-09-22 08:15]:
> I want to release eduPersonTargetedID for eduroam monitor

eduPersonTargetedID is deprecated and should be avoided where possible. I'm aware that the eduroam monitor still uses it but it doesn't require eduPersonTargetedID specifically:

Since 2018 the eduroam monitor or CAT also accepts SAML PairwiseID or SAML Subjectid, the new(er) SAML Standard Identifiers.
(I know because I've worked with Miro and Dubravko to get this to work.)

So instead of trying to add support for something that should no longer be used why not add support for what's increasingly going to be used in many SPs?

But even when using PairwiseID instead of eduPersonTargetedID you'd still have to fix the dependency (InputDataConnector or
InputAttributeDefinition) on your "ComputedId" DataConnector as I previously wrote.
If my explanation was not clear please ask and I can try again.

(Short version: You need to have a user-specific attribute that is different for every subject using yor IDP and use *that* as input to the "ComputedId" DataConnector. Not a static attribute value that's the same for everyone.)


More information about the users mailing list