Question Regarding StoredID


Juan Quintanilla

Mar 22, 2012, 1:55:24 PM
to us...@shibboleth.net
Hi,

I currently have a development Shibboleth IDP using storedID with a MySQL database. My question is: is it always the case that a new persistent id is generated and stored in the database for a user for each SP? Is there a way to change that?

I have the storedID tied to the edupersonTargetedID. Is there a way to just have the persistent id generated in the database only when the edupersonTargetedID is to be released?


Thanks!
___________________
Juan Quintanilla

Chad La Joie

Mar 22, 2012, 1:59:09 PM
to Shib Users

On 3/22/12 1:55 PM, Juan Quintanilla wrote:
> I currently have a development Shibboleth IDP using storedID with a
> mysql database, my question is, is it always the case that a new
> persistent id is generated and stored in the database for a user for
> each SP? Is there a way to change that?

There is something called an affiliation, which is essentially a group
of SPs, and the IdP will generate *one* ID for the entire group. That's
the only exception to what you've said.

> I have the storedID tied to the edupersonTargetedID is there a way to
> just have the persistent id generated in the database only when the
> edupersonTargetedID is to be released.

No, there is no way to know, during attribute resolution, what will
ultimately be released. However, once the ID is generated then the work
is done. It's not something that happens on every request.

Juan Quintanilla

Mar 22, 2012, 3:58:41 PM
to Shib Users
Hi,

This affiliation, is it specified in the IDP relying-party.xml or is it configured within the SP? Is there any documentation on how to do this?

Thanks!
___________________
Juan Quintanilla
305-348-6573
jqui...@fiu.edu


Chad La Joie

Mar 22, 2012, 4:00:00 PM
to Shib Users
It's specified, and defined by, SAML metadata.

Cantor, Scott

Mar 22, 2012, 4:01:37 PM
to us...@shibboleth.net
On 3/22/12 3:58 PM, "Juan Quintanilla" <jqui...@fiu.edu> wrote:
>
>This affiliation is it specified in the IDP relying-party.xml or is it
>configured within the SP? Is there any documentation on how to do this.

Affiliations are defined in metadata with a special descriptor element,
and depending on the context of use, the SP may have to explicitly request
an identifier scoped to the affiliation using NameIDPolicy in its requests.

-- Scott
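
Added example (not part of the thread and not Shibboleth's own code): a sketch of the scoping rule discussed above, reading AffiliationDescriptor entries from SAML metadata and deciding whether a persistent ID is scoped to the requesting SP or to an affiliation named in NameIDPolicy's SPNameQualifier. The entityIDs, the sample metadata and the helper names are constructed, and the membership check reflects the general SAML rule rather than any specific IdP implementation.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata; every entityID is made up and role
# descriptors are omitted for brevity.
METADATA = f"""
<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="https://affiliation.example.org/library">
    <md:AffiliationDescriptor affiliationOwnerID="https://owner.example.org">
      <md:AffiliateMember>https://sp1.example.org/shibboleth</md:AffiliateMember>
      <md:AffiliateMember>https://sp2.example.org/shibboleth</md:AffiliateMember>
    </md:AffiliationDescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp3.example.org/shibboleth"/>
</md:EntitiesDescriptor>
"""


def load_affiliations(metadata_xml):
    """Map each affiliation's entityID to the set of its member SP entityIDs."""
    root = ET.fromstring(metadata_xml)
    affiliations = {}
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        desc = entity.find(f"{{{MD}}}AffiliationDescriptor")
        if desc is not None:
            members = desc.findall(f"{{{MD}}}AffiliateMember")
            affiliations[entity.get("entityID")] = {
                m.text.strip() for m in members if m.text
            }
    return affiliations


def persistent_id_scope(affiliations, requester, sp_name_qualifier=None):
    """Return the entityID a persistent ID is scoped to for this request.

    Hypothetical helper: without SPNameQualifier the ID is per SP; with one,
    the requester must be a member of the named affiliation.
    """
    if sp_name_qualifier is None or sp_name_qualifier == requester:
        return requester
    if requester in affiliations.get(sp_name_qualifier, set()):
        return sp_name_qualifier
    raise PermissionError(f"{requester} is not a member of {sp_name_qualifier}")
```

Two member SPs that both ask for the affiliation's qualifier resolve to the same scope and so would share one stored ID, while a non-member asking for it is refused.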
