To ease a migration of an internal system, I wanted to generate ePTIDs for
some known user accounts from the Unix shell.
I was a good boy and Used The Source, read the documentation, and came to
the conclusion that this is what I wanted to do:
    /bin/echo -n "[log in to unmask]" | sha1 | base64 -e
based on:
shibboleth-1.3.3-install/src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/PersistentIDAttributeDefinition.java
To wit:
    // Hash the data together to produce the persistent ID.
    try {
        MessageDigest md = MessageDigest.getInstance("SHA");
        md.update(requester.getBytes());
        md.update((byte) '!');
        md.update(localId.getBytes());
        md.update((byte) '!');
        String result = new String(Base64.encode(md.digest(salt)));
Unfortunately, what my command line gives me doesn't match up with the
ePTID the SP receives, given the same user, entityId, and salt.
Have I done something daft, do I misunderstand how it works, or is there
something darker afoot somewhere?
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Computing Officer
Information Services, The University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
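
Added example (not part of the original message and not Shibboleth code): a POSIX shell rendering of the hashing sequence in the Java excerpt above, next to the variant in which the hexadecimal text printed by a digest utility is Base64-encoded instead of the 20 raw digest bytes. The entity ID, local ID and salt are constructed sample values, the function names are hypothetical, and it assumes ASCII inputs and the coreutils-style `sha1sum`, `cut`, `tr` and `base64` tools.

```shell
#!/bin/sh
# Constructed sample inputs (assumptions, not values from the post).
SP_ENTITY_ID='https://sp.example.org/shibboleth'
LOCAL_ID='jbloggs'
SALT='constructed-salt-value'

# Convert a hex string on stdin to raw bytes on stdout (no xxd needed).
hex_to_bin() {
    hex=$(tr -d ' \n')
    while [ -n "$hex" ]; do
        rest=${hex#??}            # everything after the first two hex digits
        byte=${hex%"$rest"}       # the first two hex digits
        printf "\\$(printf '%03o' "0x$byte")"   # emit that byte via an octal escape
        hex=$rest
    done
}

# Hex SHA-1 of requester '!' localId '!' salt, in the same order as the
# md.update(...) calls and the final md.digest(salt) in the Java excerpt.
# printf '%s' adds no trailing newline to the hashed data.
digest_hex() {
    printf '%s!%s!%s' "$1" "$2" "$3" | sha1sum | cut -d' ' -f1
}

# Base64 of the 20 raw digest bytes: what Base64.encode(md.digest(salt)) sees.
eptid_from_raw_digest() {
    digest_hex "$1" "$2" "$3" | hex_to_bin | base64
}

# Base64 of the 40-character hex text: what results when a digest tool that
# prints hex is piped straight into a Base64 encoder.
eptid_from_hex_text() {
    digest_hex "$1" "$2" "$3" | tr -d '\n' | base64
}

echo "raw digest -> base64: $(eptid_from_raw_digest "$SP_ENTITY_ID" "$LOCAL_ID" "$SALT")"
echo "hex text   -> base64: $(eptid_from_hex_text "$SP_ENTITY_ID" "$LOCAL_ID" "$SALT")"
```

The two lines printed differ in both length and content even though the hashed input is identical, so a comparison against the value an SP receives has to use the raw-digest form.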