persistent_id should be added to authorization part of SHHAA configuration
Then, #156 should also be fixed.
Notifiy Torsten Compart grigull@informatik.uni-leipzig.de when fixed
On 12/10/11 14:02 , Torsten Compart wrote:
Hi Dieter,
after an internal discussion about the attributes of our IDP send to the component register. You said, that 'eppn' (eduPersonPrincipalName) would be required. This would mean, that the Component Register uses an attribute which is the authentication token of the whole CLARIN network used for every other SP too. We could provide the less explicit attribute 'persistent_id' (eduPersonTargetId), which would be generated by our IDP only for the Component Register. I think for the purpose of the Component Register this would be enough. Would it be enough to release the attribute 'persistent_id' for a successful authentication? This would help to clear the discussion with our data protection officer.
Hi Torsten,
I think that should be sufficient. It means however that we need to make some changes to the implementation of the Component Registry in that it queries the user to provide a "human readable" name after logging in when eppn or displayname is not available. I think you can tell your data protection officer that we can live with that solution.
It might take some time on the other hand before you really can login at the component registry. I'm cc'ing Twan, he can add you to the ticket for this so that you get a signal as soon as eptid is supported.
https://trac.clarin.eu/ticket/157