>>> On 02/12/2009 at 09:52, in message <[log in to unmask]>, Adrian Barker
<[log in to unmask]> wrote:
> We are planning to migrate to Shibboleth 2, and need to verify that the
> eduPersonTargetedID will not change, but I'm not sure how to test this.
> We are running a Shibboleth 1.3 IdP and 2.0 IdP in parallel, with the
> same entityID, and can point a test Service Provider at one or the other
> IdP and display the attributes, but the format of the
> eduPersonTargetedID has changed, and I don't understand the technical
> details involved.
The entityID doesn't seem to affect ePTID. I've got the Shib 2 IdP up as idptest and it generates the same ePTID; I have both IdPs in the metadata, with idptest hidden just now.
I've been to target.iay.org.uk and selected the shib2 IdP and I get:
HTTP_SHIB_TARGETEDID [log in to unmask]
HTTP_SHIB_TARGETEDID2 https://idptest.dundee.ac.uk/shibboleth!urn:mace:ac.uk:sdss.ac.uk:provider:service:target.iay.org.uk!UlNWiIQjIQsnLzQVoL7YIyK8mBU=
If I select the main shib 1 IdP I get:
HTTP_SHIB_TARGETEDID [log in to unmask]
HTTP_SHIB_TARGETEDID2
Both IdPs use the same salt (generated eptid).
I think that means that it's all OK?? Please tell me someone if it's not!!
I'm going to use your technique for the migration: rename the shib 2 IdP on the other box to idp.dundee with the same entityID as the V1 box, and put a proxypass in the V1 IdP's Apache to the V2 IdP's Tomcat.
Cheers
Andy
The University of Dundee is a registered Scottish charity, No: SC015096
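
As an added example (not part of the original message, and not Shibboleth's own code), the check discussed above can be scripted by comparing only the opaque part of the ePTID that each IdP releases for the same user and SP. The hash construction in `computed_id`, the legacy `value@scope` display form, and all entityIDs, principals and salts below are assumptions or constructed samples.

```python
import base64
import hashlib

def computed_id(sp_entity_id: str, principal: str, salt: bytes) -> str:
    """Assumed construction: base64(SHA-1(SP entityID '!' principal '!' salt)).
    The IdP's own entityID is deliberately not an input."""
    digest = hashlib.sha1(
        sp_entity_id.encode() + b"!" + principal.encode() + b"!" + salt
    ).digest()
    return base64.b64encode(digest).decode("ascii")

def opaque_part(eptid: str) -> str:
    """Return only the opaque value from either display format."""
    if "!" in eptid:                      # qualified form: idp!sp!value
        parts = eptid.split("!")
        if len(parts) != 3 or not parts[2]:
            raise ValueError(f"malformed qualified ePTID: {eptid!r}")
        return parts[2]
    if "@" in eptid:                      # assumed legacy form: value@scope
        return eptid.rsplit("@", 1)[0]
    raise ValueError(f"unrecognised ePTID format: {eptid!r}")

def same_identifier(old: str, new: str) -> bool:
    """True when both IdPs released the same opaque value for the user."""
    return opaque_part(old) == opaque_part(new)

# Constructed sample values, not taken from any real deployment.
SP = "https://sp.example.org/shibboleth"
SALT = b"constructed-salt-shared-by-both-idps"

def render_v1(principal: str, salt: bytes, scope: str = "example.ac.uk") -> str:
    """What the old IdP is assumed to release: value@scope."""
    return f"{computed_id(SP, principal, salt)}@{scope}"

def render_v2(idp: str, principal: str, salt: bytes) -> str:
    """What the new IdP releases: idp!sp!value."""
    return f"{idp}!{SP}!{computed_id(SP, principal, salt)}"

if __name__ == "__main__":
    old = render_v1("jsmith", SALT)
    new = render_v2("https://idptest.example.ac.uk/shibboleth", "jsmith", SALT)
    print("old:", old)
    print("new:", new)
    print("stable across migration:", same_identifier(old, new))
    # A different salt on the new IdP would change every user's identifier.
    bad = render_v2("https://idptest.example.ac.uk/shibboleth", "jsmith", b"other")
    print("stable with wrong salt:", same_identifier(old, bad))
```

Running the comparison for a handful of test accounts against at least two different SPs covers both the salt and the per-SP targeting.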