github-actions[bot]
commented
2 years ago This PR has no dependency differences with the base branch
Closed emetsger closed 2 years ago
github-actions[bot]
commented
2 years ago This PR has no dependency differences with the base branch
Remove a duplicate mapping for eduPersonPrincipalName.
IT@JH sends values for both attributes: 1.2.840.113556.1.4.656: the Microsoft userPrincipalName 1.3.6.1.4.1.5923.1.1.1.6: the InCommon eduPersonPrincipalName
The configuration for SimpleSAML maps both OIDs to
eduPersonPrincipalName, and picks one of the mappings at random. Since 1.4.656 and 1.1.1.6 are assigned different values by IT@JH, this manifests as the duplicate user problem.This PR removes the 1.2.840.113556.1.4.656 OID from the mapping, since we only care about the InCommon eppn. Having a single mapping for eppn (1.3.6.1.4.1.5923.1.1.1.6) removes the ambiguity, and ought to result in stable values of eppn moving forward.
Closes https://github.com/jhu-idc/iDC-general/issues/457