
>>> On 02/12/2009 at 09:52, in message <[log in to unmask]>, Adrian Barker
<[log in to unmask]> wrote:
> We are planning to migrate to Shibboleth 2, and need to verify that the 
> eduPersonTargetedID will not change, but I'm not sure how to test this. 
> We are running a Shibboleth 1.3 IdP and 2.0 IdP in parallel, with the 
> same entityID, and can point a test Service Provider at one or the other 
> IdP and display the attributes, but the format of the 
> eduPersonTargetedID has changed, and I don't understand the technical 
> details involved.

The entityID doesn't seem to affect ePTID. I've got the Shib 2 IdP up as idptest and it generates the same ePTID; I have both IdPs in the metadata, with idptest hidden just now.

I've been to target.iay.org.uk and selected the Shib 2 IdP and I get:

HTTP_SHIB_TARGETEDID [log in to unmask] 
HTTP_SHIB_TARGETEDID2 https://idptest.dundee.ac.uk/shibboleth!urn:mace:ac.uk:sdss.ac.uk:provider:service:target.iay.org.uk!UlNWiIQjIQsnLzQVoL7YIyK8mBU= 


If I select the main shib 1 IdP I get:

HTTP_SHIB_TARGETEDID [log in to unmask] 
HTTP_SHIB_TARGETEDID2   

Both IdPs use the same salt (generated eptid).

I think that means that it's all OK?? Please tell me someone if it's not!!


I'm going to use your technique for the migration: rename the Shib 2 IdP on the other box to idp.dundee with the same entityID as the V1 box and put a ProxyPass in the V1 IdP's Apache to the V2 IdP's Tomcat.

Cheers
Andy


The University of Dundee is a registered Scottish charity, No: SC015096
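The comparison discussed in this thread can be scripted. The following is an added example, not code from either poster or from the Shibboleth project. It assumes the old value has the scoped form `opaque@scope`, the new value has the `idp!sp!opaque` form shown in the message, and the opaque part is a base64 SHA-1 over the SP entityID, `!`, the user's source value, `!` and the salt; all names and sample values are constructed.

```python
import base64
import hashlib


def computed_id(sp_entity_id: str, source_value: str, salt: bytes) -> str:
    """Assumed computed-ID scheme: base64(SHA-1(sp ! source ! salt)).
    The IdP entityID is not an input, so renaming the IdP leaves it unchanged."""
    data = sp_entity_id.encode() + b"!" + source_value.encode() + b"!" + salt
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


def split_legacy(value: str):
    """Old scoped form 'opaque@scope' -> (opaque, scope)."""
    opaque, sep, scope = value.rpartition("@")
    if not (sep and opaque and scope):
        raise ValueError("not a scoped targeted ID: %r" % value)
    return opaque, scope


def split_saml2(value: str):
    """New form 'idp!sp!opaque' -> (idp, sp, opaque)."""
    parts = value.rsplit("!", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("not an idp!sp!opaque targeted ID: %r" % value)
    return tuple(parts)


def same_targeted_id(legacy: str, saml2: str, sp_entity_id: str) -> bool:
    """True when both formats carry the same opaque value for this SP."""
    opaque_old, _scope = split_legacy(legacy)
    _idp, sp, opaque_new = split_saml2(saml2)
    return sp == sp_entity_id and opaque_old == opaque_new


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    SP = "https://sp.example.org/shibboleth"
    opaque = computed_id(SP, "jbloggs", b"constructed-salt")
    old = opaque + "@example.org"
    new = "https://idptest.example.org/shibboleth!" + SP + "!" + opaque
    print("unchanged across migration:", same_targeted_id(old, new, SP))
```

An empty value from one IdP, as in the second result above, fails parsing rather than comparing as equal, so a missing attribute is not mistaken for a match.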