Duplicate PersistentNameID2TargetedID/PersistentNameID


Lukas Hämmerle

Nov 21, 2016, 4:14:39 AM
to simple...@googlegroups.com
Dear colleagues

Last week an issue was made public on the REFEDS mailing list regarding
an SP that discovered that different users from two IdPs all had the
same eduPersonTargetedID/SAML persistent NameID [1].

It seems that in both cases the root cause was that this
attribute/nameID was generated by creating a hash of another attribute,
which in these two cases was empty.

Currently, there is a discussion taking place on the REFEDS mailing
list. A (data integrity/security) issue like this one (and handling it)
is in scope for e-Science support as well and we can use this as one
example of a complex issue (several entities and federations involved)
that eScience Support should be able to handle.


Best Regards
Lukas

[1] https://lists.refeds.org/sympa/arc/refeds/2016-11/msg00072.html

--
SWITCH
Lukas Hämmerle, Central Solutions
GÉANT Project Task Leader of
eduGAIN Service Development - Research and Service Providers
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.h...@switch.ch, http://www.switch.ch
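
The root cause described in the message above, as an added example that is not part of the original mail or of any IdP software: an identifier derived by hashing a source attribute is identical for every account whose source attribute is empty. The HMAC construction, salt, entityID and user directory are constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only (assumptions, not from the thread).
SALT = b"constructed-idp-secret"
SP_ENTITY_ID = "https://sp.example.org/shibboleth"

def targeted_id_naive(source_value, sp_entity_id, salt=SALT):
    """Hash whatever the source attribute holds, including nothing at all."""
    msg = f"{sp_entity_id}!{source_value or ''}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

def targeted_id_checked(source_value, sp_entity_id, salt=SALT):
    """Refuse to derive an identifier from a missing or blank source attribute."""
    if source_value is None or not str(source_value).strip():
        raise ValueError("source attribute is empty; not releasing an identifier")
    msg = f"{sp_entity_id}!{source_value}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

def find_shared_ids(records):
    """SP-side check: identifiers asserted for more than one distinct user."""
    seen = {}
    for user, tid in records:
        seen.setdefault(tid, set()).add(user)
    return {tid: users for tid, users in seen.items() if len(users) > 1}

# Constructed directory: two accounts lack the source attribute.
USERS = {"alice": "a1b2", "bob": "", "carol": None, "dave": "d4e5"}

def demo():
    """Return (identifiers shared by several users, users the checked variant refuses)."""
    naive = [(u, targeted_id_naive(v, SP_ENTITY_ID)) for u, v in USERS.items()]
    shared = find_shared_ids(naive)
    refused = []
    for user, value in USERS.items():
        try:
            targeted_id_checked(value, SP_ENTITY_ID)
        except ValueError:
            refused.append(user)
    return shared, refused

if __name__ == "__main__":
    shared, refused = demo()
    print("shared identifiers:", shared)
    print("refused by checked variant:", refused)
```
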

Lukas Hämmerle

Nov 21, 2016, 4:17:20 AM
to simple...@googlegroups.com
Sorry, please ignore my last mail to this list. It was addressed to
another list with a similar recipient mail address (thanks autocompletion!).

Best Regards
Lukas