Subject Re: use of eduPersonEntitlement
From Peter Schober <peter.schober@xxxxxxxxxxxx>
Date Wed, 15 May 2013 18:38:36 +0200

* Vries, Ale de (ELS-NYC) <ale@xxxxxxxxxxxx> [2013-05-15 18:02]:
> Actually, in the specific case of SURFconext we encountered this
> issue not because of multiple values being released, but because of
> the same value being released in two different formats -
> urn:mace:<name> and urn:mace:<oid>. Our access management system
> choked on that - and it's currently being worked around by the
> SURFconext hub, IIRC.

Assuming SAML2, both of these forms would be wrong.
Assuming SAML1, the second one would be wrong; the first one might be
correct (depending on what <name> really is).
Maybe you're mistaken and the second one is in fact of the form
urn:oid:<oid> (which is fine and preferred for most SAML2 attributes
in this community)?
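
Added example, not part of the original message or of any SURFconext code: a sketch of service-provider-side handling for the situation discussed in this thread, where the same entitlement arrives under two attribute names. It assumes the MACE-Dir names for eduPersonEntitlement (the SAML1 urn:mace:dir:attribute-def: name and the SAML2 urn:oid: name); the function names and the sample entitlement value are hypothetical.

```python
import re

# MACE-Dir names for eduPersonEntitlement (assumed here, not taken from the thread).
OID = "1.3.6.1.4.1.5923.1.1.1.7"
KNOWN = {
    "urn:oid:" + OID: "eduPersonEntitlement",  # SAML2 form
    "urn:mace:dir:attribute-def:eduPersonEntitlement": "eduPersonEntitlement",  # SAML1 form
}
DOTTED_OID = re.compile(r"^\d+(\.\d+)+$")


def classify(name):
    """Return (canonical_name or None, problem or None) for one attribute name."""
    if name in KNOWN:
        return KNOWN[name], None
    # A dotted OID placed under the urn:mace: prefix matches neither naming scheme.
    if name.startswith("urn:mace:") and DOTTED_OID.match(name[len("urn:mace:"):]):
        return None, "OID under urn:mace: prefix (expected urn:oid:)"
    return None, "unrecognized attribute name"


def normalize(attributes):
    """attributes: list of (name, [values]) as received in one assertion.

    Returns (merged, problems). merged maps canonical name to de-duplicated
    values; names that are not recognized contribute no values (fail closed)
    and are reported in problems for logging.
    """
    merged, problems = {}, []
    for name, values in attributes:
        canonical, problem = classify(name)
        if problem:
            problems.append((name, problem))
            continue
        bucket = merged.setdefault(canonical, [])
        for value in values:
            if value not in bucket:
                bucket.append(value)
    return merged, problems


# Constructed sample: one entitlement released under three attribute names.
VALUE = "urn:mace:example.org:entitlement:journals"
SAMPLE = [
    ("urn:mace:dir:attribute-def:eduPersonEntitlement", [VALUE]),
    ("urn:oid:" + OID, [VALUE]),
    ("urn:mace:" + OID, [VALUE]),
]

if __name__ == "__main__":
    print(normalize(SAMPLE))
```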