Skip to Content.
Sympa Menu

technical-discuss - Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade

Subject: InCommon Technical Discussions

List archive

Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade


Chronological Thread 
  • From: Nick Roy <>
  • To:
  • Subject: Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade
  • Date: Thu, 8 Jun 2017 09:11:55 -0600
  • Authentication-results: incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=none action=none header.from=internet2.edu;
  • Ironport-phdr: 9a23:b789xBByQD4fsLFff32XUyQJP3N1i/DPJgcQr6AfoPdwSPX6rsbcNUDSrc9gkEXOFd2CrakV1KyI6OuwACQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Y75+NhS7oAveusQVnIdpN7o8xAbOrnZUYepd2HlmJUiUnxby58ew+IBs/iFNsP8/9MBOTLv3cb0gQbNXEDopPWY15Nb2tRbYVguA+mEcUmQNnRVWBQXO8Qz3UY3wsiv+sep9xTWaMMjrRr06RTiu86FmQwLuhSwaNTA27XvXh9RtgqxFrhKvpx9xzYDab46aNvVxYqzTfdIBSGpdXMtcTTBNDp+yYoYNCecKIOZWr5P6p1sLtRawHQisC//syjRVmnH22q072PkmHAHAxgwgGNIPvW/VrNXzKKcdT/q1zK/WwjXfcf9awyny55XVch04p/yHQLx+cc3UyUY1FgPFiE2dqY3jPzOJyOsNqW6b4PR8Ve6xkWIotRx+oiWpy8wxiYfJnpoYxk3Y+Sh22oo4Kt+1RFR0bNK5Cpdcqi+XOoVuTs88QmxkpDs2x7gYtZO4ciUHzZsqywDDZ/CZdoWH/xLuWPqULDhlmH5oea+zihOv/US81+HzSsy53VdLoyZYjtbBs2wC2ALQ58edTPZ2412v1iyV1w/J7+FJOUA0mrTfK54m2rM+joYev0PfEiL4gUn4gqiYe0s99uiv8OvofK/qppiBN49okQ7+NbkumsqiDugiKggORW+b+fii27L/4U35QbJKjvssnqnerZDaOcAbpqm+Aw9WyIos9xG/DzK+3NQZm3kIMk5FdQqag4T1NFzCOv/1APWlj1mjjTtn3e3KM7PvD5nVK3jMirbhfbJz605GzwozyMhS55ROCrEGIPP+QU7xtNrEDhAnKQy0xfjoCMlj2o8ER22AH7KZPLvIsVCU/uIvP/WMZIgNtTb8Lfgq+/nujXo8mV8ae6mlx5wXaGq3Hvh/P0WWf2bjgtcHEWcLogUxVujqhESfXj5SfHa9Q7885iogCI+9CYfDR5utgKCa3CulBJFWZ2ZGCkySHnfycYWLResMZDyILsB/jzMESOvpd4h0yRyltAn7wLNja+bV4SYFronL1d5+4OjWkhd08iZ7XOqH1GTYaWB/nSsyQC5+iKZlpl1Vy1Gf3LJ+juACU9Ff+qUaAU8BKZfAwrkiWJjJUQXbc4LRRQ==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99
They do care - and they were also affected by an ePTID/SAML persistent
nameID-related issue that also involved deployers not getting an upgrade
right. Interestingly, neither case involved IdPv3. One was an IBM
product, the other was SimpleSAMLphp. More info can be found in the
incident report linked off our security incident handling wiki:

https://spaces.internet2.edu/display/InCFederation/Security+Incident+Handling

Nick

On 6/7/17 7:43 PM, Wessel, Keith wrote:
> If memory serves, ORCID also cares. They weren't federated back in 2015
> when I did my IdP upgrade to V3.
>
> Keith
>
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Basney, Jim
> Sent: Wednesday, June 07, 2017 7:55 PM
> To:
>
> Subject: Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3
> upgrade
>
> On 6/7/17, 4:52 PM, Wessel, Keith wrote:
>> why are the EPTID values changing?
> I don't know. If someone from InCommon wants to follow-up with the IdP
> operators to find out, I'd be happy to provide details off-list. It'd be
> even better if the IdP operators in question want to reply on the list.
>
>> You were actualy the one who reported the error to me.
> Yes, exactly my point. No SPs other than CILogon seem to care about ePTID,
> so why should the IdP operators bother to get it right? Things are working
> for the SPs that matter to them. CILogon is an outlier.
>
> Are there any other SP operators on the list who are detecting these ePTID
> changes?
>
> -Jim
>


Archive powered by MHonArc 2.6.19.

Top of Page