SAML2NameID deprecated (and therefore eduPersonTargetedId?)

Cantor, Scott cantor.2 at osu.edu
Tue Nov 15 16:20:30 UTC 2022


The scoped pairwise ID subject Attribute isn't the replacement for this; it was replaced a decade ago by simply saying "use a SAML 2.0 persistent NameID". The Shibboleth SP has always treated those as functionally identical down to the syntax in the exported variable.

If there's honestly some crazy piece of code out there that can handle an XML-valued AttributeValue (which nothing ever handled beyond this except for our SP) and can't handle a NameID, then a) that's insane and b) it should get fixed.

I would like to remove this from the IdP, yes. Failing that, moving it into an unsupported plugin that we will not release ourselves but would make the code available for would be my preferred plan B, because if we don't force this, nobody seems willing to do anything about it. It's past time.

-- Scott
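
The equivalence described in this message, as an added example that is not part of the original post and is not Shibboleth code: a consumer that reads the persistent NameID from the Subject and the legacy eduPersonTargetedID attribute (an XML-valued AttributeValue wrapping a NameID) and flattens both to the same string. The `NameQualifier!SPNameQualifier!value` form is assumed from the SP's default NameID formatter; the entity IDs and identifier value are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EPTID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

# Constructed NameID (hypothetical entity IDs and opaque value).
NAMEID = (
    f'<saml2:NameID Format="{PERSISTENT}" '
    'NameQualifier="https://idp.example.org/idp/shibboleth" '
    'SPNameQualifier="https://sp.example.org/shibboleth">k3Jx0example=</saml2:NameID>'
)
# Constructed assertion carrying the same identifier both ways.
ASSERTION = (
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
    f'<saml2:Subject>{NAMEID}</saml2:Subject>'
    '<saml2:AttributeStatement>'
    f'<saml2:Attribute Name="{EPTID_OID}">'
    f'<saml2:AttributeValue>{NAMEID}</saml2:AttributeValue>'
    '</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>'
)

def serialize(nameid):
    """Flatten a persistent NameID element; None for anything else."""
    if nameid is None or nameid.get("Format") != PERSISTENT:
        return None
    value = (nameid.text or "").strip()
    if not value:
        return None
    return "!".join([nameid.get("NameQualifier", ""),
                     nameid.get("SPNameQualifier", ""), value])

def persistent_ids(xml_text):
    """Return (id from Subject NameID, ids from legacy attribute values).

    Assumes the assertion's signature and conditions were already validated.
    """
    root = ET.fromstring(xml_text)
    subject = serialize(root.find("saml2:Subject/saml2:NameID", NS))
    path = (f"saml2:AttributeStatement/saml2:Attribute[@Name='{EPTID_OID}']"
            "/saml2:AttributeValue/saml2:NameID")
    legacy = [s for s in map(serialize, root.findall(path, NS)) if s]
    return subject, legacy

if __name__ == "__main__":
    subject_id, legacy_ids = persistent_ids(ASSERTION)
    print(subject_id)
    print(legacy_ids)
```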