eduPersonTargetedID and transcoder rules

Wessel, Keith kwessel at
Fri Apr 1 22:07:57 UTC 2022


Alright, I'm trying too hard here, but this has become a curiosity for me. So, I'm going to go ahead and ask a totally absurd question. Absurd because I should be trying to get people to stop using eptid instead of trying to make it work with the attribute registry.

I tried moving the encoders for eduPersonTargetedID into the registry in $IDP_HOME/attributes/custom/ It looks like this:

id = eduPersonTargetedID
transcoder = SAML2XMLObjectTranscoder SAML1XMLObjectTranscoder = urn:oid: = urn:oid:
decoder = false

So, what's left in attribute-resolver.xml is:

    <AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID"
        <InputDataConnector ref="computedID" attributeNames="computedID" />

But the IdP doesn't include an eduPersonTargetedID in the released assertion.

If I remove decoder = false from, though, it works. Not the end of the world to have it available for processing for decoding in the unlikely event that an upstream IdP should even send it or I work some similar magic with it elsewhere. But why does adding decoder = false cause it to stop being processed when encoding the response to the SP?


More information about the users mailing list