...
| Warning | ||
|---|---|---|
| ||
Although the NameID and eduPersonTargetedID, which is basically a copy of the NameID, are least likely to change and privacy aware they can change in some cases when service providers or identity provider make certain changes causing user profiles for services to be lost. The NameID, as used in the SAML assertion to a service provider when loggin' on, is generated using the uid, schacHomeOrganisation, the Entity ID of the service provider together with a secret that uses a SHA algorithm. Institutions or services that are in production and change one of these attributes, will cause a new NameID and eduPersonTargetedID to be generated by SURFconext when doing so. This can cause loss of access to profiles at services. We will discuss this with identity providers and service providers when we see a change in one of these attributes. |
...