...
In a persistent identifier scenario, the RP requests a persistent identifier using the persistent scope, and should receive a pairwise sub per RP, regardless of which persistent identifier attributes we received from the SAML IdP as an identifier.
We cannot deliver a persistent identifier if we do not get any persistent identifier from the SAML IdP.
...
Configuration | Parameters (for SSP) | Expected Result |
---|---|---|
Transient SAML NameID, eduPersonAffiliation and SchacHomeOrganization | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient<br>urn:oid:1.3.6.1.4.1.25178.1.2.9 = example.org<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.1 = student | |
Transient SAML NameID, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org | |
Transient SAML NameID, eduPersonPrincipalName, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.6 = username@example.org<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org | |
Transient SAML NameID, eduPersonUniqueID, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.13 = 3290vdsjk2njks9@example.org<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org | |
Transient SAML NameID, eduPersonTargetedID, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.10 = a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org<br>For the SSP configuration that generates ePTID, see https://simplesamlphp.org/docs/1.5/simplesamlphp-authproc#section_2_5 | |
Persistent SAML NameID, eduPersonAffiliation and SchacHomeOrganization | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent<br>urn:oid:1.3.6.1.4.1.25178.1.2.9 = example.org<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.1 = student | |
Persistent SAML NameID, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org | |
Persistent SAML NameID, eduPersonPrincipalName, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.6 = username@example.org<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org<br>For the SSP configuration that generates ePTID, see https://simplesamlphp.org/docs/1.5/simplesamlphp-authproc#section_2_5 | |
Persistent SAML NameID, eduPersonUniqueID, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.13 = 3290vdsjk2njks9@example.org<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org | |
Persistent SAML NameID, eduPersonTargetedID, eduPersonScopedAffiliation | | |
IdP: release<br>RP request: | NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.10 = a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35<br>urn:oid:1.3.6.1.4.1.5923.1.1.1.9 = student@example.org | |
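The rule stated above the table (a pairwise sub per RP from whichever persistent identifier the SAML IdP released, and no persistent sub when none was released) can be sketched as follows. This is an added example, not code from the original page or from SimpleSAMLphp. The function names, the precedence order (persistent NameID, then eduPersonTargetedID, then eduPersonUniqueId), the HMAC-SHA256 construction, the IdP entityID and the RP sector identifiers are all assumptions.

```python
import base64
import hashlib
import hmac

PERSISTENT_FMT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT_FMT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID
EPUID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"  # eduPersonUniqueId
EPSA = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"    # eduPersonScopedAffiliation


class NoPersistentIdentifier(Exception):
    """The IdP released nothing stable to derive a persistent sub from."""


def local_identifier(assertion):
    """Return the stable per-user value; the precedence order is an assumption."""
    nameid = assertion.get("nameid", {})
    if nameid.get("format") == PERSISTENT_FMT and nameid.get("value"):
        return "nameid:" + nameid["value"]
    for oid in (EPTID, EPUID):
        values = assertion.get("attributes", {}).get(oid) or []
        if values:
            return oid + ":" + values[0]
    raise NoPersistentIdentifier("no persistent identifier released by the IdP")


def pairwise_sub(assertion, idp_entity_id, sector_identifier, salt):
    """Derive a per-RP sub with HMAC-SHA256 keyed by a proxy-side secret."""
    local = local_identifier(assertion)
    # Unit separator keeps the three fields from running into each other.
    msg = "\x1f".join((idp_entity_id, sector_identifier, local)).encode()
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


# Constructed sample input modelled on the table rows; not real assertions.
SALT = b"constructed-demo-secret"
IDP = "https://idp.example.org/saml"


def row(fmt, nameid_value, attributes):
    return {"nameid": {"format": fmt, "value": nameid_value}, "attributes": attributes}


LOGIN_1 = row(TRANSIENT_FMT, "_t1", {EPTID: ["a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35"]})
LOGIN_2 = row(TRANSIENT_FMT, "_t2", {EPTID: ["a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35"]})
ONLY_EPSA = row(TRANSIENT_FMT, "_t3", {EPSA: ["student@example.org"]})
```

Two logins with different transient NameIDs but the same eduPersonTargetedID yield the same sub for one RP and a different sub for another RP, while the affiliation-only row raises `NoPersistentIdentifier`.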