> Is the algorithm for generating the ePTID documented ? It would be
> useful to know how it is built.
Probably only via the Obi-Wan Kenobi method ("Use the source, Luke")
http://shibboleth.internet2.edu/javadocs/2.1.3/apidocs/edu/internet2/middleware/shibboleth/common/attribute/resolver/provider/dataConnector/ComputedIDDataConnector.html
"unique ID by computing the SHA-1 hash of a given attribute value, the
entity ID of the inbound message issuer, and a provided salt."
----- Original Message -----
From: "Adrian Barker" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, December 02, 2009 10:28 AM
Subject: Re: The eduPersonTargetedID and Shibboleth 2
> >>>> On 02/12/2009 at 09:52, in message <[log in to unmask]>,
> >Adrian Barker <[log in to unmask]> wrote:
> >> We are planning to migrate to Shibboleth 2, and need to verify that the
> >> eduPersonTargetedID will not change, but I'm not sure how to test this.
> >> We are running a Shibboleth 1.3 IdP and 2.0 IdP in parallel, with the
> >> same entityID, and can point a test Service Provider at one or the other
> >> IdP and display the attributes, but the format of the
> >> eduPersonTargetedID has changed, and I don't understand the technical
> >> details involved.
> >
> >The entityID doesn't seem to affect ePTID, I've got the Shib 2 IdP up as
> >idptest and it generates the same ePTID, I have both IdPs in the metadata
> >with idptest hidden just now.
> >
> >I've been to target.iay.org.uk and selected the shib2 IdP and I get:
> >
> >HTTP_SHIB_TARGETEDID [log in to unmask]
> >HTTP_SHIB_TARGETEDID2 https://idptest.dundee.ac.uk/shibboleth!urn:mace:ac.uk:sdss.ac.uk:provider:service:target.iay.org.uk!UlNWiIQjIQsnLzQVoL7YIyK8mBU=
> >
> >
> >If I select the main shib 1 IdP I get:
> >
> >HTTP_SHIB_TARGETEDID [log in to unmask]
> >HTTP_SHIB_TARGETEDID2
> >
> >Both IdPs use the same salt (generated eptid).
> >
> >I think that means that it's all OK?? Please tell me someone if it's not!!
> >
> >
> >I'm going to use your technique for the migration, rename the shib 2 IdP
> >on the other box to idp.dundee with the same entityID as the V1 box and
> >put a proxypass in the V1 IdPs apache to the V2 IdPs tomcat.
> >
> >Cheers
> >Andy
> >
> >
> >The University of Dundee is a registered Scottish charity, No: SC015096
>
>
> Andy,
>
> Thanks for this.
>
> Is the algorithm for generating the ePTID documented ? It would be
> useful to know how it is built.
>
> On our local 1.3 SP, the ePTID appears in a different form for
> Shibboleth 1.3 and Shibboleth 2.0:
> HTTP_SHIB_TARGETEDID: [log in to unmask]
> and
> HTTP_SHIB_TARGETEDID:
> https://shib-idp.ucl.ac.uk/shibboleth!https://sp.wasdev-a.ucl-0.ucl.ac.uk/shibboleth!j6M6lC9EqOSYHGmW7dYE/vEaZS0=
>
> so is there a setting on the SP that needs changing ?
>
>
>
> Adrian.
>
> Adrian Barker
> Internet Technology Section
> Information Systems
> Information Services Division (ISD)
> University College London, Gower Street, London WC1E 6BT
> External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406
> Internal phone: x 25140
> Email: [log in to unmask]
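
The javadoc description quoted at the top of this message, as an added example (not part of the original messages and not Shibboleth's own code): it computes a salted SHA-1 identifier and compares the two header forms shown in the thread to check that the opaque part is unchanged across a migration. The input order, the "!" separators, the hash@scope shape of the 1.3 value, and all sample names and the salt are assumptions to verify against the connector source for your version.

```python
import base64
import hashlib


def computed_id(sp_entity_id: str, source_value: str, salt: bytes) -> str:
    """Base64 SHA-1 over SP entityID, source attribute value and salt.

    Assumption: the three inputs are fed in this order with '!' separators.
    """
    digest = hashlib.sha1(
        sp_entity_id.encode() + b"!" + source_value.encode() + b"!" + salt
    ).digest()
    return base64.b64encode(digest).decode("ascii")


def opaque_part(header_value: str) -> str:
    """Pull the hash out of either form of the value seen in the thread."""
    value = header_value.strip()
    if "!" in value:                      # idpEntityID!spEntityID!hash
        candidate = value.rsplit("!", 1)[1]
    elif "@" in value:                    # hash@scope (assumed 1.3 shape)
        candidate = value.rsplit("@", 1)[0]
    else:
        candidate = value
    # A SHA-1 digest is 20 bytes; reject anything that is not.
    if len(base64.b64decode(candidate, validate=True)) != 20:
        raise ValueError(f"not a base64 SHA-1 value: {candidate!r}")
    return candidate


def unchanged_after_migration(old_header: str, new_header: str) -> bool:
    """True when both IdPs released the same opaque identifier."""
    return opaque_part(old_header) == opaque_part(new_header)


# Constructed sample values, not taken from any real deployment.
SP = "https://sp.example.org/shibboleth"
IDP = "https://idp.example.org/shibboleth"
SALT = b"constructed-example-salt"
HASH = computed_id(SP, "jdoe", SALT)
OLD_FORM = f"{HASH}@example.org"          # shape assumed for the 1.3 IdP
NEW_FORM = f"{IDP}!{SP}!{HASH}"           # shape released by the 2.x IdP

if __name__ == "__main__":
    # Same salt and source attribute on both IdPs: identifier is preserved.
    print(unchanged_after_migration(OLD_FORM, NEW_FORM))
    # A different salt on the new IdP changes the identifier for every user.
    other = computed_id(SP, "jdoe", b"a-different-salt")
    print(unchanged_after_migration(OLD_FORM, f"{IDP}!{SP}!{other}"))
```

The IdP's own entityID appears only in the textual prefix of the newer form, so the comparison is made on the trailing hash alone.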