grouper-users - RE: [grouper-users] Scoped eppn question

Subject: Grouper Users - Open Discussion List

  • From: "Hyzer, Chris" <>
  • To: Bryan Wooten <>, "" <>
  • Subject: RE: [grouper-users] Scoped eppn question
  • Date: Mon, 13 Jan 2020 22:35:06 +0000

Couple options

 

  1. Add an attribute from the IdP which is the netId
  2. -or- If there is an employeeId from IdP which might be better anyways?  (e.g. opaque id might be your subject id)
  3. -or- Add subject identifier in grouper which is scoped ID
  4. -or- do SP-foo which validates the scope is correct and the IdP is correct (if federated) and strip off the scope before putting it in REMOTE_USER

 

From: <> On Behalf Of Bryan Wooten
Sent: Monday, January 13, 2020 5:20 PM
To:
Subject: [grouper-users] Scoped eppn question

 

I will try and keep this short.

 

We set up our first Docker SP (and my team’s first SP) to front Grouper. We are mostly a CAS shop but we want (internal team) to start moving to pure SAML.

 

Our IDP returns scoped eppn but our Grouper instance wants unscoped for our Grouper subjectID filter. (We had success with CAS for SSO)

 

Is there a way to define unscoped eppn for any given SP? Either on the IDP side or SP side?

 

I know, I know this horse has been beaten to death but my google foo is failing.

 

Thanks,

 

Bryan
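
Option 4 from the reply above, sketched as an added example (not code from the thread, Grouper or Shibboleth): check which IdP asserted the eppn and that the scope is one it may assert before stripping it for REMOTE_USER. The entityIDs, scopes, the function name and the rule that only the home scope is ever unscoped are assumptions made for illustration.

```python
import re

# Hypothetical mapping (constructed values): IdP entityID -> scopes it may assert.
ALLOWED_SCOPES = {
    "https://idp.example.edu/idp/shibboleth": {"example.edu"},
    "https://idp.partner.example.org/idp/shibboleth": {"partner.example.org"},
}

# Conservative local-part pattern (assumption): letters, digits, dot, underscore, hyphen.
LOCAL_PART = re.compile(r"[A-Za-z0-9._-]{1,64}")


class ScopeError(ValueError):
    """Raised when an eppn cannot be trusted for the asserting IdP."""


def unscoped_remote_user(eppn, idp_entity_id, home_scope, allowed=ALLOWED_SCOPES):
    """Return the local part of eppn, or raise ScopeError.

    The scope is stripped only when the asserting IdP is known, that IdP is
    permitted to assert the scope, and the scope is the home scope whose
    netIds are the Grouper subject ids. Without the last check, a partner's
    jdoe@partner.example.org would collide with the local jdoe once unscoped.
    """
    if idp_entity_id not in allowed:
        raise ScopeError("unknown IdP")
    local, sep, scope = eppn.partition("@")
    if not sep or "@" in scope:
        raise ScopeError("eppn must contain exactly one '@'")
    scope = scope.lower()  # scopes are DNS-style names, compared case-insensitively
    if scope not in allowed[idp_entity_id]:
        raise ScopeError("IdP may not assert this scope")
    if scope != home_scope.lower():
        raise ScopeError("only the home scope may be unscoped")
    if not LOCAL_PART.fullmatch(local):
        raise ScopeError("unexpected characters in local part")
    return local
```
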

 



