...

The following attributes contribute to a minimal gateway attribute bundle:

  1. eduPersonTargetedID (ePTID)
  2. eduPersonPrincipalName (ePPN)
  3. mail
  4. displayName OR (givenName AND sn)
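
A check for the bundle listed above, as an added example that is not part of the original page: it reads a SAML 2.0 AttributeStatement and reports which bundle members were not released. The sample statement and its values are constructed, and the function names are hypothetical; it assumes attributes are named with the standard urn:oid identifiers (plain names such as `mail` also pass through).

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Standard urn:oid names of the bundle attributes.
OID = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
}
REQUIRED = ("eduPersonTargetedID", "eduPersonPrincipalName", "mail")

def released_attributes(statement_xml):
    """Return the names of attributes that carry at least one non-empty value.

    Assumes the enclosing assertion's signature was already verified;
    this only inspects which attributes were released.
    """
    present = set()
    for attr in ET.fromstring(statement_xml).iter(f"{{{SAML}}}Attribute"):
        name = OID.get(attr.get("Name"), attr.get("Name"))
        values = attr.findall(f"{{{SAML}}}AttributeValue")
        # ePTID's value is a nested <NameID> element, so collect text recursively.
        if any("".join(v.itertext()).strip() for v in values):
            present.add(name)
    return present

def missing_from_bundle(present):
    """List the bundle members absent from the set of released attributes."""
    missing = [a for a in REQUIRED if a not in present]
    if "displayName" not in present and not {"givenName", "sn"} <= present:
        missing.append("displayName OR (givenName AND sn)")
    return missing

# Constructed sample: givenName is released without sn or displayName.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML}">
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"><saml:AttributeValue>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">constructed-opaque-id</saml:NameID>
 </saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>user@example.org</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>user@example.org</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    print(missing_from_bundle(released_attributes(SAMPLE)))
```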

Recommendations:

  • Set ePPN to the user’s email address
    • Use ePPN at your own risk
  • Set the ‘mail’ attribute to the user’s email address
  • Set the person name as appropriate
  • Optionally set the NameID to one of the following:
    1. the user’s email address
    2. ePTID (i.e., a SAML2 Persistent NameID)
    3. SAML2 Transient NameID (default)

The most difficult mapping is ePTID. The goal is to assert a value of ePTID that persists with or without the gateway in the middle.

...