Hi Robert,

Thanks for your reply below - that would seem to be a great suggestion.

Can I ask: would this be the "recommended" way to do this (as of course it starts to move away from something being deprecated)? Or is it preferable the storedId data connector continue to be used for the time being?

Keith Carr
Senior Developer
St. George's, University Of London

-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Robert Bradley
Sent: 16 February 2017 18:27
To: [log in to unmask]
Subject: Re: IdPv3 eduPersonTargetedID

On 16/02/17 17:40, Keith Carr wrote:
> My question is this:- Is there a way to produce the
> eduPersonTargetedID attribute using the new persistent
> NameIdGeneration method (rather than using the "old"
> data-connector-in-the-"attribute-resolver"-file method)? After all,
> the values held in the database are the same. So can I use the
> saml-nameid.properties and saml-nameid.xml files and link the
> resultant NameId to output as the eduPersonTargetedID attribute in the
> SAML?
>

An attribute-resolver.xml config like this should work, assuming a plaintext salt with no unusual characters:

    <resolver:AttributeDefinition id="eduPersonTargetedID"
            xsi:type="ad:SAML2NameID"
            sourceAttributeID="computedId"
            nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
        <resolver:Dependency ref="computedId"/>
        <resolver:DisplayName xml:lang="en">Targeted ID</resolver:DisplayName>
        <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject"
                name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"/>
        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject"
                name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
                friendlyName="eduPersonTargetedID"/>
    </resolver:AttributeDefinition>

    <resolver:DataConnector id="computedId"
            xsi:type="dc:ComputedId"
            sourceAttributeID="%{idp.persistentId.sourceAttribute}"
            salt="%{idp.persistentId.salt}">
        <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}"/>
    </resolver:DataConnector>

This would pick up the salt value from saml-nameid.properties.

--
Dr Robert Bradley
Identity and Access Management Team, IT Services, University of Oxford
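
Added example, not part of the original messages and not Shibboleth project code: a Python check that a ComputedId connector given the same salt reproduces persistent IDs already issued, and that the salt is plain enough to yield the same bytes under any charset. It assumes the IdP's default computed-ID derivation is base64 of SHA-1 over SP entityID, "!", source attribute value, "!", salt; the row layout, function names and sample values are constructed for illustration.

```python
import base64
import hashlib

# Charsets a JVM or editor might apply when turning the salt string into bytes.
CHARSETS = ("utf-8", "iso-8859-1", "cp1252")


def computed_id(sp_entity_id, source_value, salt_bytes):
    """Assumed derivation: base64(SHA-1(entityID '!' source value '!' salt))."""
    digest = hashlib.sha1()
    digest.update(sp_entity_id.encode("utf-8"))
    digest.update(b"!")
    digest.update(source_value.encode("utf-8"))
    digest.update(b"!")
    digest.update(salt_bytes)
    return base64.b64encode(digest.digest()).decode("ascii")


def salt_is_portable(salt):
    """True when every charset in CHARSETS maps the salt to the same bytes."""
    return len({salt.encode(cs, errors="replace") for cs in CHARSETS}) == 1


def find_mismatches(stored_rows, salt_bytes):
    """Rows whose stored ID differs from the value recomputed with salt_bytes."""
    return [r for r in stored_rows
            if computed_id(r["sp"], r["source"], salt_bytes) != r["persistent_id"]]


def sample_rows(salt_bytes):
    """Constructed stand-in for rows the StoredId connector already holds."""
    pairs = [("https://sp1.example.org/shibboleth", "jdoe"),
             ("https://sp2.example.org/shibboleth", "jdoe"),
             ("https://sp1.example.org/shibboleth", "asmith")]
    return [{"sp": sp, "source": src,
             "persistent_id": computed_id(sp, src, salt_bytes)} for sp, src in pairs]


if __name__ == "__main__":
    plain = "constructed-salt-0123456789abcdef"      # constructed, ASCII only
    odd = "constructed-s\u00e5lt-0123456789"         # constructed, non-ASCII
    for salt in (plain, odd):
        rows = sample_rows(salt.encode("iso-8859-1"))      # IDs issued under Latin-1
        bad = find_mismatches(rows, salt.encode("utf-8"))  # recomputed under UTF-8
        print(f"{salt!r}: portable={salt_is_portable(salt)} "
              f"mismatches={len(bad)}/{len(rows)}")
```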