technical-discuss - Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade
Subject: InCommon Technical Discussions
List archive
- From: Rhys Smith <>
- To: "Basney, Jim" <>
- Cc: "" <>
- Subject: Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade
- Date: Thu, 8 Jun 2017 07:30:10 +0000
- Accept-language: en-GB, en-US
- Ironport-phdr: 9a23:sa7fixHdvOTa/k5wocqGL51GYnF86YWxBRYc798ds5kLTJ76p8mybnLW6fgltlLVR4KTs6sC0LuJ9f66EjVav96oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCzbL52Lhi6twTcutcZjYd/NKo8ywbCr2dVdehR2W5mP0+YkQzm5se38p5j8iBQtOwk+sVdT6j0fLk2QKJBAjg+PG87+MPktR/YTQuS/XQcSXkZkgBJAwfe8h73WIr6vzbguep83CmaOtD2TawxVD+/4apnVAPkhSEaPDMi7mrZltJ/g75aoBK5phxw3YjUYJ2ONPFjeq/RZM4WSXZdUspUUSFKH4GyYJYVD+cZPehWsZTzp0cAoxW9CwmjBuThyj5HiXDq0qM3yPghHhrD3AA8H9ICrHbZodPoP6kSS+C1y6zIwC3fYfNW2Tb985XDfA0kofGNQbJwcdfaxE4zGQPFjlSQspbpMS6Q1uQMr2ib7/FtVeCui248tw59uCKgyds2honUhYIY01bJ/jh3zoYyIN23Uk97Ydi8HZtNtCGaOZV5Td48TGFyoik61rwGuZm9fCQQz5Qn3RHfZ+aac4iL+h7jVeCRIStmi3J/frKwmQqy/Va6xuLiS8a0zVBHpTdGnNnUrn0ByQDf58qdRvZ+4EutwzWC2xzJ5u1ZIk05kbLXJ4A9zrIsi5YetEvOEy3qlEjzkaOWeFko9+yt5unkfrrrp5qROJN7hwz6LKgjn9GwDOokPQUKWmWW/eqx2KDg8ED8XLpFkuE5n6fBvJDUO8sWpbK1DgpQ34st6BuzEymq3dEckHYZLV9IdxeKg5b0NF3TOv/1CPWyjEijnTpt2vvIJKfuAo/XIXjGiLrhfahy60pbyAcr099f+otYCqoEIPLvQk/9rcHXAQE9Mwy13eboFs9914MHVW6SAaKUNLnesVqJ5uIqPeaDeJUauC3hK/Q/+/Huino5lUccfamvw5QXdGi1Eup6L0ibe3bhgckNHX0JswYiVuDmlV6PXDpLa3a3Ra085zU7CIy8DYfEQ4CgmKaB3Ce7H51NfGxGEVWMEXb0d4WEQPoMaiOSItR9nTAeT7euV5Ut1QyttAPi0bpoMvLU+jEEtZLkzNV15uvTmg019TxxCsSd1GeNQ3tznmMSSD86xbx/rlJhxVeD16h4guBXGsZX5/9QTwg6NIXcwPBnC9DpQQLMZdOJSFe9QtW6GjE9UMg9w94IY0ZhBdqilBbD0DS2A7MLjbCEGoE78r+Pl0T2coxXwm3A2bhlx3snR4EHYW+sj7V5+hn7BorNkkOelr3seKgBin3j7mCGmFCOrVoQawtxTaWNCUofd1CQltH4+kPqTb61AvIuOU1cypjReeNxdtT1gAAeF7/YM9PEbjf0wj/oCA==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
A lot of UKf SPs use ePTID as it’s one of our core recommended attributes -
so a lot of commercial publishers that offer personalisation will use it.
Don’t think we’ve had any reported issues from any of our IdPs that’ve
upgraded about changed ePTID values.
If anyone wants to check, they can login via the UK federation Test SP at
https://test.ukfederation.org.uk/ (assuming that gets imported into InC from
eduGAIN, and the InC IdP is exported to eduGAIN (and therefore imported to
UKf). That SP displays all of the attributes & values it receives - so the
admin can record the ePTID/persistent nameid it gets pre-upgrade, and check
it’s the same post upgrade.
Rhys.
--
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
Jisc
T: +44 (0) 1235 822145
M: +44 (0) 7968 087821
Skype: rhys-smith
GPG: 0x4638C985
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT No.
GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
Bristol, BS2 0JA. T 0203 697 5800.
> On 7 Jun 2017, at 22:46, Basney, Jim
> <>
> wrote:
>
> Hi,
>
> Are any other InCommon SPs besides CILogon being routinely impacted by
> ePTID changes when InCommon IdPs upgrade to Shibboleth IdPv3? For CILogon
> the ePTID changes trigger an ePPN reassignment workflow (i.e., "it appears
> your ePPN has been reassigned") that results in users of the upgraded IdP
> losing access to their existing CILogon accounts. These IdPv3-upgrade ePTID
> changes have been causing CILogon user support requests from December 2015
> up to today.
>
> Is CILogon an outlier for checking ePTID values? IdP operators tell us
> we're wrong for thinking the ePTID changes are a problem. Since 100+
> InCommon IdPs still need to upgrade from Shibboleth IdP V2 to V3 [1], I
> think this problem isn't going away any time soon.
>
> I appreciate your advice and perspectives.
>
> Thanks,
> Jim
>
> [1]
> https://spaces.internet2.edu/display/InCFederation/List+of+Shibboleth+IdPs+by+Version
>
> To unsubscribe from this list, send email to
>
> with the subject: unsubscribe technical-discuss
- [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Basney, Jim, 06/07/2017
- [InC-Technical] RE: ePTID changes caused by Shibboleth IdPv3 upgrade, Wessel, Keith, 06/07/2017
- Re: [InC-Technical] RE: ePTID changes caused by Shibboleth IdPv3 upgrade, Paul B. Henson, 06/07/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Rhys Smith, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Alan Buxey, 06/08/2017
- RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Cantor, Scott, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Tom Scavo, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Rhys Smith, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Alan Buxey, 06/08/2017
- <Possible follow-up(s)>
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Basney, Jim, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Keith Hazelton, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Tom Scavo, 06/08/2017
- RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Wessel, Keith, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Nick Roy, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Nick Roy, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Nick Roy, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Keith Hazelton, 06/08/2017
- [InC-Technical] RE: ePTID changes caused by Shibboleth IdPv3 upgrade, Wessel, Keith, 06/07/2017
Archive powered by MHonArc 2.6.19.