Warning

Use of the eduPersonUniqueID attribute should be phased out and replaced with the subject-id attribute from the OASIS SAML 2.0 SubjectID Attributes Profile.

...

  • The eduPersonUniqueID attribute suffers from a case folding issue (due to allowing use of both upper and lower case characters) that may lead to identifier collisions at Service Providers not treating identifiers case-insensitively. Consider this an informal Security Advisory against any use of this attribute.
  • Also note that newer versions of saml2int – which is a formal part of the eduID.at policy via the Technical Profile – go much further and state that:

SPs MAY support legacy or historical <saml:NameID> and <saml:Attribute> identifier content for compatibility reasons but MUST NOT require their use.
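
The case folding issue described above can be checked for in data an SP already holds. The following Python audit is an added example, not part of the original page or of eduID.at; the function names and the sample identifiers are constructed for illustration. It groups stored eduPersonUniqueID values that differ only by case and shows how exact and case-insensitive matching disagree on such a pair.

```python
from collections import defaultdict

# Constructed sample: identifiers as an SP might have stored them over time.
SAMPLE_IDS = [
    "28c5353b8bb34984a8bd4169ba94c606@example.ac.at",
    "28C5353B8BB34984A8BD4169BA94C606@example.ac.at",
    "a1b2c3d4@example.ac.at",
    "A1B2C3D4@EXAMPLE.AC.AT",
    "ffee0011@other.example.org",
]


def canonical(identifier: str) -> str:
    """Return the case-folded form of a scoped identifier (uniqueID@scope)."""
    unique_id, sep, scope = identifier.strip().partition("@")
    # Require exactly one '@' with non-empty parts on both sides.
    if not sep or not unique_id or not scope or "@" in scope:
        raise ValueError(f"not a scoped identifier: {identifier!r}")
    return f"{unique_id.casefold()}@{scope.casefold()}"


def find_case_collisions(identifiers):
    """Map each folded form to the distinct stored spellings, where more than one exists."""
    groups = defaultdict(set)
    for ident in identifiers:
        groups[canonical(ident)].add(ident)
    return {key: sorted(vals) for key, vals in groups.items() if len(vals) > 1}


def lookup_outcomes(stored, presented):
    """Compare how exact and case-insensitive matching treat a presented value."""
    folded_store = {canonical(s) for s in stored}
    return {
        "exact_match": presented in stored,
        "case_insensitive_match": canonical(presented) in folded_store,
    }


if __name__ == "__main__":
    for folded, spellings in find_case_collisions(SAMPLE_IDS).items():
        print(f"{folded}: {len(spellings)} spellings -> {spellings}")
    print(lookup_outcomes(SAMPLE_IDS[:1], SAMPLE_IDS[1]))
```

Any group the audit reports needs manual review before the SP changes its comparison rule or migrates accounts to subject-id.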