Grouper Users - Open Discussion List

[Rob Gorrell <>]

So I've made some progress... seems what was being displayed by Grouper was the persistantId coming from shibb since eppn was getting filtered out due to a whitespace issue in the scope area of my IdP's metadata. Thats all resolved now and I'm mapping a shibb session into a provisioned grouper subject using eppn and remote_user. But this brings about a new question regarding grouper subjects...

since I'm logging people into grouper using eppn which is a scoped attribute, the subjects i provision must also be scoped (). I hadn't thought about creating my subjects as scoped values... so i could have the shibb sp 'unscope' it before mapping into remote_user and create my subjects as normal usernames as I had intended. But then I started thinking about leaving the subjects scoped to open the door for using grouper in a more federated since (though I hadn't really thought about this prior and I'm not sure how you'd provision external subjects ahead of time).

so I was just curious for those protecting the UI with shibb, are you stripping of the scope from eppn, or are you creating your subjects in grouper fully scoped?

-Rob