Hi,
I'm in the process of upgrading to IdP 2 ... since release 1.2, we have
generated the targetID value via an Oracle function, it is stored in an
Oracle database for new requests only. Subsequent requests are handled by
an LDAP directory for a more efficient (quicker) release of the attribute.
I'd like to know if it is possible to retain our existing targetIDs by
using the Stored ID Data Connector (below) which will automatically
generate the target ID for us and store it in a specified database.
<https://spaces.internet2.edu/display/SHIB2/ResolverStoredIDDataConnector>
The above states: this connector creates and persists unique identifiers.
The first ID created for a given requester is always the same as those
created by the computed ID data connector in order to provide a migration
path from that data connector. Every subsequently generated ID for a given
user/IdP/SP triple, if the first one is revoked, is a Type 4 UUID.
So the plan would be for us to migrate our current epTID data to the
database mentioned above (shibpidp); this shouldn't be a problem. My
concern is more to do with the fact that the Stored ID Data Connector
generates the target ID using a different algorithm (Type 4 UUID?) to the
one we currently use. SPs will expect the current value for old users.
However, our current target ID values should NOT get overridden? Thus only
new SP requests will generate the target ID based on the new algorithm? Is
this correct? Hope this makes sense!
Any help appreciated.
Naveed
--------------------------------------------------------
Naveed Hashmi
Information Systems and Computing
University of Bristol
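
The behaviour quoted from the connector documentation above can be modelled as a lookup-before-generate store; this is an added example, not part of the original message and not Shibboleth's own code. The table layout, the function names, the salt, the sample entity IDs, and the computed-ID construction (Base64 of SHA-1 over SP entityID, "!", source value, "!", salt) are assumptions made for illustration.

```python
import base64, hashlib, sqlite3, uuid

SALT = b"constructed-salt"  # constructed value, not a real deployment secret

def computed_id(sp, principal, salt=SALT):
    # Assumed computed-ID construction: Base64(SHA-1(SP entityID "!" source value "!" salt))
    data = sp.encode() + b"!" + principal.encode() + b"!" + salt
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def open_store():
    # Hypothetical table layout standing in for the connector's database
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ids (idp TEXT, sp TEXT, principal TEXT, "
               "pid TEXT, revoked INTEGER DEFAULT 0)")
    return db

def migrate(db, idp, sp, principal, legacy_pid):
    # Load a value produced by the old system so it is found before generation
    db.execute("INSERT INTO ids (idp, sp, principal, pid) VALUES (?,?,?,?)",
               (idp, sp, principal, legacy_pid))

def revoke(db, idp, sp, principal):
    db.execute("UPDATE ids SET revoked=1 WHERE idp=? AND sp=? AND principal=?",
               (idp, sp, principal))

def resolve(db, idp, sp, principal):
    key = (idp, sp, principal)
    where = "FROM ids WHERE idp=? AND sp=? AND principal=?"
    row = db.execute("SELECT pid " + where + " AND revoked=0", key).fetchone()
    if row:
        return row[0]  # active stored value is released unchanged
    seen = db.execute("SELECT COUNT(*) " + where, key).fetchone()[0]
    # First ID for the triple matches the computed ID; later ones are Type 4 UUIDs
    pid = computed_id(sp, principal) if seen == 0 else str(uuid.uuid4())
    db.execute("INSERT INTO ids (idp, sp, principal, pid) VALUES (?,?,?,?)",
               key + (pid,))
    return pid

def is_uuid4(value):
    try:
        return uuid.UUID(value).version == 4
    except ValueError:
        return False
```

Running the same comparison against a copy of the migrated table before cutover shows whether every legacy value is still the one released to its SP.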