<html><head></head><body><div class="ydpd7defa67yahoo-style-wrap" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 13px;"><div></div>
<div dir="ltr" data-setdir="false">ok, thanks! </div><div dir="ltr" data-setdir="false">we saw something was incorrect with mapping attribute we will fix. </div><div dir="ltr" data-setdir="false"><br></div><div><br></div>
</div><div id="ydp8db88d3eyahoo_quoted_6242114587" class="ydp8db88d3eyahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Friday, November 13, 2020, 11:26:23 AM PST, Peter Schober <peter.schober@univie.ac.at> wrote:
</div>
<div><br></div>
<div><br></div>
<div>* s chang via users <<a shape="rect" href="mailto:users@shibboleth.net" rel="nofollow" target="_blank">users@shibboleth.net</a>> [2020-11-13 19:02]:<br clear="none">> We were using old Shibboleth build, the existing oid mapping is not<br clear="none">> work after upgrade to V3.<br clear="none"><br clear="none">Not sure what kind of answer you expect here. The only OID in your<br clear="none">example "code" was that of the eduPersonPrincipalName attribute and<br clear="none">the URI "urn:oid:1.3.6.1.4.1.5923.1.1.1.6" is still the formal name of<br clear="none">the eduPersonPrincipalName attribute for use with the SAML 2 protocol.<br clear="none"><br clear="none">So whatever your problem is, it is NOT the result of that OID having<br clear="none">become "bad" in the meantime.<br clear="none"><br clear="none">You'll need to explain what "oid mapping is not work" means.<br clear="none">If that's literally the case the problem is not with the Shibboleth<br clear="none">software because that's not where the "oid mapping" occurs, right?<br clear="none"><br clear="none">Look at the output of the IDP, e.g. using the aacli:<br clear="none"><br clear="none">/opt/shibboleth-idp/bin/aacli.sh --saml2 -n SOME_USER -r <a shape="rect" href="https://saml.example.org/sp" rel="nofollow" target="_blank">https://saml.example.org/sp</a><br clear="none"><br clear="none">and determine whether that's correct/expected.<br clear="none"><br clear="none">If you still have a copy of the old server around somewhere (before<br clear="none">the upgrade to IDPv3) you could also compare it with the output from<br clear="none">the old system.<br clear="none">You could also post the resulting SAML here and we can tell you<br clear="none">whether that looks sane, at least with regards to the<div class="ydp8db88d3eyqt0607334124" id="ydp8db88d3eyqtfd31278"><br clear="none">eduPersonPrincipalName attribute.<br clear="none"><br clear="none">-peter<br clear="none">-- <br clear="none">For Consortium Member technical support, see <a shape="rect" href="https://wiki.shibboleth.net/confluence/x/coFAAg" rel="nofollow" target="_blank">https://wiki.shibboleth.net/confluence/x/coFAAg</a><br clear="none">To unsubscribe from this list send an email to <a shape="rect" href="mailto:users-unsubscribe@shibboleth.net" rel="nofollow" target="_blank">users-unsubscribe@shibboleth.net</a><br clear="none"></div></div>
</div>
</div></body></html>