eduPersonTargetedID and transcoder rules
Wessel, Keith
kwessel at illinois.edu
Fri Apr 1 22:07:57 UTC 2022
All,
Alright, I'm trying too hard here, but this has become a curiosity for me. So, I'm going to go ahead and ask a totally absurd question. Absurd because I should be trying to get people to stop using eptid instead of trying to make it work with the attribute registry.
I tried moving the encoders for eduPersonTargetedID into the registry in $IDP_HOME/attributes/custom/eptid.properties. It looks like this:
id = eduPersonTargetedID
transcoder = SAML2XMLObjectTranscoder SAML1XMLObjectTranscoder
saml2.name = urn:oid:1.3.6.1.4.1.5923.1.1.1.10
saml1.name = urn:oid:1.3.6.1.4.1.5923.1.1.1.10
decoder = false
So, what's left in attribute-resolver.xml is:
<AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID"
        nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
    <InputDataConnector ref="computedID" attributeNames="computedID" />
</AttributeDefinition>
But the IdP doesn't include an eduPersonTargetedID in the released assertion.
If I remove decoder = false from eptid.properties, though, it works. Not the end of the world to have it available for processing for decoding in the unlikely event that an upstream IdP should even send it or I work some similar magic with it elsewhere. But why does adding decoder = false cause it to stop being processed when encoding the response to the SP?
Thanks,
Keith