Posted to dev@vcl.apache.org by Aaron Coburn <ac...@amherst.edu> on 2011/10/04 20:13:34 UTC

Affiliation names with Shibboleth

Hello,
I have configured our VCL instance to support five different affiliations (in addition to Local and Global), each of which uses Shibboleth to authenticate. Everything works smoothly, but I'm wondering why the default configuration removes the .edu from the corresponding Shibboleth attribute (eppn) in order to construct the affiliation name? (See around line 113-116 in shibauth/index.php) The result is that group affiliation lists look like this:

user1@AMHERST
user2@MTHOLYOKE
user3@SMITH
etc.

Similarly, groups might look like this:

admin@AMHERST
chemistry@HAMPSHIRE
math@SMITH
math@UMASS
etc.

Was the intention simply to distinguish the user and group lists from actual email addresses? Clearly, the VCL user/group name + affiliation would not always map cleanly to a real email address, but I was wondering if there was any other reason for this choice.

Thanks,
Aaron Coburn


--
Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
(413) 542-5451 acoburn@amherst.edu






Re: Affiliation names with Shibboleth

Posted by Josh Thompson <jo...@ncsu.edu>.

Aaron,

It was really just a convention we picked for the affiliations - to have a 
single "word" in all caps with no delimiters.  Part of the reasoning for that 
was to distinguish them from email addresses as you suggested.  I don't really 
remember other reasons, but I don't think that was the only one.  Having 
amherst.edu translate to AMHERST matched the other affiliations we already had 
better than doing AMHERSTEDU; so, that's what we went with.

Josh

On Tuesday October 04, 2011, Aaron Coburn wrote:
> Hello,
> I have configured our VCL instance to support five different affiliations
> (in addition to Local and Global), each of which uses Shibboleth to
> authenticate. Everything works smoothly, but I'm wondering why the default
> configuration removes the .edu from the corresponding Shibboleth attribute
> (eppn) in order to construct the affiliation name? (See around line
> 113-116 in shibauth/index.php) The result is that group affiliation lists
> look like this:
> 
> user1@AMHERST
> user2@MTHOLYOKE
> user3@SMITH
> etc.
> 
> Similarly, groups might look like this:
> 
> admin@AMHERST
> chemistry@HAMPSHIRE
> math@SMITH
> math@UMASS
> etc.
> 
> Was the intention simply to distinguish the user and group lists from
> actual email addresses? Clearly, the VCL user/group name + affiliation
> would not always map cleanly to a real email address, but I was wondering
> if there was any other reason for this choice.
> 
> Thanks,
> Aaron Coburn
> 
> 
> --
> Aaron Coburn
> Systems Administrator and Programmer
> Academic Technology Services, Amherst College
> (413) 542-5451 acoburn@amherst.edu

-- 
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu