>>>> On 02/12/2009 at 09:52, in message <[log in to unmask]>, =
>Adrian Barker
><[log in to unmask]> wrote:
>> We are planning to migrate to Shibboleth 2, and need to verify that =
>the=20
>> eduPersonTargetedID will not change, but I'm not sure how to test =
>this.=20
>> We are running a Shibboleth 1.3 IdP and 2.0 IdP in parallel, with the=20
>> same entityID, and can point a test Service Provider at one or the =
>other=20
>> IdP and display the attributes, but the format of the=20
>> eduPersonTargetedID has changed, and I don't understand the technical=20
>> details involved.
>
>The entityID doesn't seem to affect ePTID, I've got the Shib 2 IdP up as =
>idptest and it generates the same ePTID, I have both IdPs in the metadata =
>with idptest hidden just now .
>
>I've been to target.iay.org.uk and selected the shib2 IdP and I get:
>
>HTTP_SHIB_TARGETEDID [log in to unmask]
>HTTP_SHIB_TARGETEDID2 https://idptest.dundee.ac.uk/shibboleth!urn:mace:ac.u=
>k:sdss.ac.uk:provider:service:target.iay.org.uk!UlNWiIQjIQsnLzQVoL7YIyK8mBU=
>=3D=20
>
>
>If I select the main shib 1 IdP I get:
>
>HTTP_SHIB_TARGETEDID [log in to unmask]
>HTTP_SHIB_TARGETEDID2 =20
>
>Both IdPs use the same salt (generated eptid).
>
>I think that means that its all OK ?? Please tell me someone if its =
>not!!
>
>
>I'm going to use your technique for the migration, rename the shib 2 IdP =
>on the other box to idp.dundee with the same entityID as the V1 box and =
>put a proxypass in the V1 IdPs apache to the V2 IdPs tomcat.
>
>Cheers
>Andy
>
>
>The University of Dundee is a registered Scottish charity, No: SC015096
Andy,
Thanks for this.
Is the algorithm for generating the ePTID documented ? It would be
useful to know how it is built.
On our local 1.3 SP, the ePTID appears in a different form for
Shibboleth 1.3 and Shibboleth 2.0:
HTTP_SHIB_TARGETEDID: [log in to unmask]
and
HTTP_SHIB_TARGETEDID: https://shib-idp.ucl.ac.uk/shibboleth!https://sp.wasdev-a.ucl-0.ucl.ac.uk/shibboleth!j6M6lC9EqOSYHGmW7dYE/vEaZS0=
so is there a setting on the SP that needs changing ?
Adrian.
Adrian Barker
Internet Technology Section
Information Systems
Information Services Division (ISD)
University College London, Gower Street, London WC1E 6BT
External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406
Internal phone: x 25140
Email: [log in to unmask]
|