Hi John,

Sara here from the UK federation support team.

There are still a few older SPs in the UK federation that depend upon
SAML 1 and will still require eduPersonTargetedID to be released as a
SAML 1 attribute. I expect that eventually all UK federation SPs will
support SAML 2 but I can't forecast exactly when that will be! We are
certainly treating it as a priority to encourage and help SP operators
to support SAML 2.

However: we know that *Shibboleth* SPs will accept a NameID in SAML 2
and use its value in the way it can the value of an ePTID attribute, but
we don't necessarily know that of other software. It might be that in
practice IdPs will need to release ePTID in SAML 2 to some SP
deployments for quite some time to come.

Sara Hopkins
UK federation

On 10/03/2016 11:30, John Horne wrote:
> Hello,
>
> I am configuring a test IdP server based on our version 2
> configuration, but updating it as much as I can to version 3. The above
> attribute though is, to me, a bit confusing.
>
> I see that the UK federation still list ePTID as a core attribute [1].
> But it also seems that for IdP version 3 the attribute has been
> deprecated [2]. As far as I can tell, in order to resolve the
> attribute, and comply with the UK federation recommendations, I have to
> keep the current (v2) ePTID attribute configuration.
>
> In particular I note from the reply in [2]:
>
> "...because there has never been a good reason to pass it as an
> attribute in SAML 2, only SAML 1. Since all of SAML 1 is sort of
> deprecated...
>
> ...if there's somebody out there who thinks they need to send it as an
> attribute in SAML 2, that's either a point of confusion or an SP with a
> bug."
>
> I am just wondering if there is any sort of push being considered via
> the UK federation for (listed) SPs to ditch SAML1 and so remove ePTID
> as a core attribute?
>
> [1] http://www.ukfederation.org.uk/content/Documents/AttributeUsage
> [2] http://shibboleth.net/pipermail/users/2015-April/020996.html
>
>
> Thanks,
>
> John.
>
--
Sara Hopkins
Support Team
UK Access Management Federation for Education and Research
web: http://www.ukfederation.org.uk/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
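
Added example, not part of the original thread or of any SP's own code: SP-side Python that derives the same pairwise identifier whether a SAML 2 assertion carries it as a persistent NameID in the Subject or as an eduPersonTargetedID attribute, rendered in the `NameQualifier!SPNameQualifier!value` string form the Shibboleth SP uses. It assumes the assertion's signature has already been verified; the entityIDs, the value `abc123` and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EPTID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID in SAML 2

def _triple(nameid, issuer, sp_entity_id):
    """Render a persistent NameID as NameQualifier!SPNameQualifier!value."""
    if nameid.get("Format") != PERSISTENT:
        return None  # transient/unspecified identifiers are not stable keys
    value = (nameid.text or "").strip()
    if not value:
        return None
    # SAML 2 core lets the qualifiers be omitted when they equal the
    # issuing IdP and the receiving SP, so fall back to those entityIDs.
    return "!".join((nameid.get("NameQualifier", issuer),
                     nameid.get("SPNameQualifier", sp_entity_id), value))

def targeted_id(assertion_xml, sp_entity_id):
    """Return the pairwise ID from the Subject NameID or the ePTID attribute."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    found = set()
    for nameid in root.findall("saml:Subject/saml:NameID", NS):
        found.add(_triple(nameid, issuer, sp_entity_id))
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EPTID_OID:
            for nameid in attr.findall("saml:AttributeValue/saml:NameID", NS):
                found.add(_triple(nameid, issuer, sp_entity_id))
    found.discard(None)
    if len(found) > 1:  # both forms present but naming different users
        raise ValueError("NameID and ePTID attribute disagree")
    return found.pop() if found else None

def _sample(subject="", attr=""):  # constructed test input, not real traffic
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:Issuer>https://idp.example.org/idp</saml:Issuer>'
            f'{subject}{attr}</saml:Assertion>')

NAMEID = '<saml:NameID Format="' + PERSISTENT + '">abc123</saml:NameID>'
SUBJECT = '<saml:Subject>' + NAMEID + '</saml:Subject>'
ATTR = ('<saml:AttributeStatement><saml:Attribute Name="' + EPTID_OID + '">'
        '<saml:AttributeValue>' + NAMEID + '</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement>')

if __name__ == "__main__":
    sp = "https://sp.example.org/shibboleth"  # constructed SP entityID
    print(targeted_id(_sample(subject=SUBJECT), sp))  # NameID only
    print(targeted_id(_sample(attr=ATTR), sp))        # ePTID attribute only
```
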