Versions Compared

Old Version 161

changes.mady.by.user Raoul Teeuwen

Saved on

compared with

New Version 162

changes.mady.by.user Raoul Teeuwen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added text to eduPersonTargetedID definition/notes to clarify we only copy NameID when that is configured as a Persistent value

...

urn:mace

urn:mace:dir:attribute-def:eduPersonTargetedID

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.10

Multiplicity

single-valued

Data typeUTF8 string (unbounded)

Description 

The attribute eduPersonTargetedID is a copy of the persistent Subject -> NameID, which is generated by SURFconext itself. When an Identity Provider provides the eduPersonTargetedID itself, it is always overwritten by SURFconext. 

Examplesbd09168cf0c2e675b2def0ade6f50b7d4bb4aae

Notes 

This attribute is created because the Subject -> NameID itself is not part of the SAML v2.0 response and therefore only is available for an application if the local SAML implementation explicitly support supports this. Within SURFconext the Subject -> NameID is explicitly copied into the eduPersonTargetedID attribute, in order for the identifier to be used like any other attribute., but only when NameID is configured to be persistent (as the eduPerson definition of eduPersonTargetedID requires it to be persistent)


Anchor
eduPersonORCID
eduPersonORCID
eduPersonORCID

...