SAML2NameID deprecated (and therefore eduPersonTargetedId?)

Silke Meyer smeyer at dfn.de
Mon Jun 5 09:10:38 UTC 2023


Hi Scott, hi all,

Coming back to this older thread about the deprecation of SAML2NameID...

> The scoped pairwise ID subject Attribute isn't the replacement for this, it was replaced a decade ago by simply saying "use a SAML 2.0 persistent NameID". The Shibboleth SP has always treated those as functionally identical down to the syntax in the exported variable.
> 
> If there's honestly some crazy piece of code out there that can handle an XML-valued AttributeValue (which nothing ever handled beyond this except for our SP) and can't handle a NameID, then a) that's insane and b) it should get fixed.
> 
> I would like to remove this from the IdP, yes. Failing that, moving it into an unsupported plugin that we will not release ourselves but would make the code available for would be my preferred plan B, because if we don't force this, nobody seems willing to do anything about it. It's past time.

With the release of IdP v5 ahead I was wondering how to deal with the 
situation resp. what advice to give to our community:

We have been spreading the word about using the persistentID for years 
but as of today there are still almost 80 Service Providers in DFN-AAI 
who have labeled ePTID as a required attribute (not counting local SPs 
in the organizations). Not every SP operator publishes their required 
attributes so even more could be affected by the deprecation.

Removing it would certainly cause a considerable amount of support 
requests here. I guess I would have a hard time explaining that there is 
an unsupported and unreleased plugin that a relevant part of our 350+ 
Shibboleth IdPs would then need to use those ~80 SPs.

Afaik, the SAML2NameID is still part of the code right now. So I was 
wondering if there was maybe a plan C, e.g. let it run the way it is in 
v4. Is that an option?

Best, Silke

-- 
Silke Meyer

DFN-Verein | Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin | Germany

Phone: +49 30 884299-306 | Mail: smeyer at dfn.de

Board: Prof. Dr. O. Kao, Dr. R. Bockholt, C. Zens
Managing directors: Dr. C. Grimm, J. Pattloch
AG Charlottenburg VR7729B | VAT ID DE 136623822
