[openid-specs-rande] SAML to OIDC mapping specification
Paul Millar
paul.millar at desy.de
Thu Mar 4 09:38:57 UTC 2021
<delurk/>
On 03/03/2021 20:05, Marcus Hardt wrote:
[...]
> I know that in the context of AARC a couple of Infrastructures followed
> the mechanism mentioned in the REFEDS OIDCRE Whitepaper to translate from
> eduPerson* to eduperson_*
>
> - EGI
> - EUDAT
> - EduTeams
>
> Also one national project I'm involved in uses those.
Just to add some weight to Marcus' comments -- I'm a developer for
dCache -- large-scale scientific storage software deployed internationally.
We've adopted the REFEDS Whitepaper as the mapping from eduPerson
attributes to OIDC claims.
> I am not aware of different implementations. Are there any that did it
> differently?
As it happens, I came across this:
https://www.cilogon.org/oidc
It looks like CILogon is returning some eduPerson attributes, but using
a different mapping scheme (e.g., eduPersonPrincipalName stored as the
"eppn" claim).
Perhaps there's an opportunity to reach out and involve the CILogon people?
Cheers,
Paul.