On 3/22/12 1:55 PM, Juan Quintanilla wrote:
> I currently have a development Shibboleth IDP using storedID with a
> MySQL database. My question is: is it always the case that a new
> persistent ID is generated and stored in the database for a user for
> each SP? Is there a way to change that?

There is something called an affiliation, which is essentially a group
of SPs, and the IdP will generate *one* ID for the entire group. That's
the only exception to what you've said.

> I have the storedID tied to the eduPersonTargetedID. Is there a way to
> just have the persistent ID generated in the database only when the
> eduPersonTargetedID is to be released?

No, there is no way to know, during attribute resolution, what will
ultimately be released. However, once the ID is generated then the work
is done. It's not something that happens on every request.

This affiliation, is it specified in the IDP relying-party.xml or is it configured within the SP? Is there any documentation on how to do this?
From: users-...@shibboleth.net [users-...@shibboleth.net] on behalf of Chad La Joie [laj...@shibboleth.net]
Sent: Thursday, March 22, 2012 1:59 PM
To: Shib Users
Subject: Re: Question Regarding StoredID
Affiliations are defined in metadata with a special descriptor element,
and depending on the context of use, the SP may have to explicitly request
an identifier scoped to the affiliation using NameIDPolicy in its requests.
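
The two pieces this last reply refers to, sketched as an added illustration that is not part of the original thread: a SAML 2.0 metadata entry carrying an AffiliationDescriptor, and an AuthnRequest whose NameIDPolicy asks for a persistent identifier scoped to that affiliation. All entityIDs, the request ID and the timestamp are constructed placeholders.

```xml
<!-- Metadata: the affiliation is an entity of its own; its entityID names the group.
     Every entityID below is a constructed placeholder. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://affiliation.example.org/library-sps">
  <md:AffiliationDescriptor affiliationOwnerID="https://owner.example.org/shibboleth">
    <!-- Each member SP is listed by its own entityID -->
    <md:AffiliateMember>https://sp1.example.org/shibboleth</md:AffiliateMember>
    <md:AffiliateMember>https://sp2.example.org/shibboleth</md:AffiliateMember>
  </md:AffiliationDescriptor>
</md:EntityDescriptor>

<!-- AuthnRequest issued by member sp1: SPNameQualifier names the affiliation,
     so the persistent ID is requested for the group rather than for sp1 alone. -->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="_constructed-request-id"
                    Version="2.0"
                    IssueInstant="2012-03-22T18:00:00Z">
  <saml:Issuer>https://sp1.example.org/shibboleth</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                      SPNameQualifier="https://affiliation.example.org/library-sps"
                      AllowCreate="true"/>
</samlp:AuthnRequest>
```

Because every member of the affiliation receives the same persistent ID for a user, the members can correlate that user across their services, so membership should be limited to SPs for which that is acceptable.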