Skip to Content.
Sympa Menu

inc-ops-notifications - [InCommon NOTICE] REMINDER: Do not break your user identifiers when upgrading your IdP

Subject: InCommon Operations Notifications

List archive

[InCommon NOTICE] REMINDER: Do not break your user identifiers when upgrading your IdP


Chronological Thread 
  • From: Nick Roy <>
  • To: Nick Roy <>
  • Subject: [InCommon NOTICE] REMINDER: Do not break your user identifiers when upgrading your IdP
  • Date: Wed, 15 Nov 2017 15:58:30 -0700
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:ZtAznR/5GiK3D/9uRHKM819IXTAuvvDOBiVQ1KB+0+gQIJqq85mqBkHD//Il1AaPBtSLraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze6/9pnQbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsLxUb05Vyiu47pyRBP0lSsMKjo1/HzXh8B1iq9QvRCvqAFlw4PMfo+bNOdwcKDTc9wUSmVOQslfVy1aD4OgbIYCFfYNMfpWooT/oVYFsBuwBROrBOPq0jJGnn720rE50+88DQ/G2wwhFM8JvXTSttX1M6cTXPu0zKnO0TXMcelW2THj54jUbBwtu++DUq9tccfIz0QkCg3LjlKVqYP/PjOV0PwAs3Ob7+phTu2gkGknqwVvrTizxscgkI/JiZwJylzc9CV5xpo1KsOiSE59f9GkDIVcuzuEOIRrX8MvRXxjtiUiyrAepJK3YCcHxI4oyhPdcfCKfJWE7gjnWeufOTt0mXNodbylixqs8UWtxPfwW8a73VpQqidIk9/BvW0X2RPJ8MiIUP5981+h2TmR0wDT7flJL1gomKTcN5IszKc8mJQUv0nNByP2n175g7GMekUj5+io9//oYrL7pp+aKoB4kBn+Mr4pmsyjH+s3LhQOX2mc+eS6zrHj+lD5QKlOjv0xlanZs4rWKtgcpq68GwNV04Aj5AijDzq+zdgUgXYKIEhKdR+FlYTkNEzCLOr8APqxm1islS1kx/HCPr3vGJXNKX3Dna/nfbZn7E5dyBE+zdFZ55JIFL4BOvTzVVHttNDGFBM2LRG7w/v/BNVnyoweQX6PArOeMK7KsF+I4P4gI+6JZI8Qvzb9LeIp5/n0jX82gFMdZbOm3YELaHC5AvtmIl2ZbmDqgtcdCmcHpQ4+TO3xiF2eSj5feWy+X6M65jEnFo2mF4HDSZ6xgLCfxiu0AIBZZn1eAFCWDXjob5mEW+sLaC+KI89hlCALVb+kS48k0hGushX2y719Lurb4yEYtJTj28Rs6+3UjREy7iV4D8Ka02GRTmF0kGIISCMs06BjoEx9zVGD0bNjjvxcFNxT/O9JUhwkOZLGzux6DczyVRzbftePVlmmXsuqDSsvQd0s3t9dK3p6TvOjhROL5S27S+sTjbuaLJ0y7q/G2XXtfYBwx2uQh4c7iFxzZMpENiWcgb83ow7JAJ/hkkOFmryseLhGmiPB6THQniK1oEhEXVsoAu3+VncFax6P8Nk=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99
Hello,

InCommon Service Providers continue to report having issues with IdPs
breaking their users' eduPersonTargetedID and SAML persistent nameID
values when they perform an upgrade of their IdP.

It is *critical* that those performing this upgrade preserve the values
of their users' identifiers in order to prevent a loss of service for
your users.  You must copy important information such as the salt value
used in the generation of pairwise identifiers (eduPersonTargetedID and
SAML persistent nameID) from an old to a new installation if you choose
not to do an in-place upgrade.

While I have your attention, if you are one of the organizations listed
among the 96 sites still running an outdated and unsupported version of
the Shibboleth IdP, please upgrade as soon as possible.  If you are on
the list of sites running Shibboleth IdP v2, you are running unsupported
and insecure software:
https://spaces.internet2.edu/display/InCFederation/List+of+Shibboleth+IdPs+by+Version

Please take a look at the instructions on the Shibboleth Project wiki
which walk you through important steps in the upgrade process:
https://wiki.shibboleth.net/confluence/display/IDP30/Upgrading

Thank you,

Nick Roy
Director of Technology and Strategy, InCommon / Internet2 Trust and
Identity Services

  • [InCommon NOTICE] REMINDER: Do not break your user identifiers when upgrading your IdP, Nick Roy, 11/15/2017

Archive powered by MHonArc 2.6.19.

Top of Page