SAML2NameID deprecated (and therefore eduPersonTargetedId?)

Peter Schober peter.schober at
Mon Jun 5 13:02:35 UTC 2023

* Cantor, Scott via users <users at> [2023-06-05 14:12]:
> My guess is that 90% or more of them will function identically with
> the NameID.

And the rest of those SPs should be changed, with the information that
thousands of subjects from hundreds of IDPs may no longer be able to
log in soon(-ish) if they don't.
Even better if that message comes from paying customers (or a
collection of those) than from unrelated third parties such as
federation operators. (I still think we should coordinate this across
the community, see below).

Personally I'd rather ask them to start accepting pairwise-id if I
need to be having that conversation with them, instead of trying to
get them to the status quo of 2015 CE (when SAML 2.0 was released
introducing persistent NameIDs).

> The only people that can fix this legacy mess are all of you.

Right. Deployers need to move on this together, IMO, via eduGAIN or
REFEDS, also involving the SP side(s), e.g. via FIM4L and/or
communication efforts targeting all known "incapable" SPs.


More information about the users mailing list