
Shibboleth IdP deployment on Sunday, 11/1/2009 from 9:00am to 10:00am

We are planning a deployment of the Shibboleth IdP application on 11/1/2009. This deployment should not cause any outage of IdP services.

The two major changes in this release are:

Bug Fix - Single Sign On is not working in some cases

Sequence of events that leads to this anomaly:
1. Log into an ISIS application with OASIS or QDB logon id
2. Access a Shibboleth enabled application in the same browser
The user cannot get to the application in this case and is instead forwarded to the Applications list page.

This affects a small population of users. There is a workaround for now: the user has to quit the browser and access the Shibboleth enabled application in a new browser window.

Attribute values for eduPersonAffiliation

Shibboleth delivers a user's affiliation with the university via the eduPersonAffiliation attribute (id is urn:mace:dir:attribute-def:eduPersonAffiliation). Currently we are asserting "student" and "affiliate" only. "student" means UCLA student and "affiliate" means those with an entry in our payroll system.

1. Assert two more values: "member" and "employee"
2. Redefine "affiliate" as per eduPerson schema

Definition of the assertions:
student - UCLA student
employee - UCLA employee
member - UCLA student or UCLA employee
affiliate - UCLA employee or UCOP employee or UCMerced employee

Important Note
We will be asserting "affiliate" for a short period, for those with a payroll entry. This will be temporary, to ensure that Service Providers receiving this attribute will not break. We will stop asserting this value after verification with every Service Provider currently using this attribute.

Please note eduPersonAffiliation is a multi-valued attribute. You may receive more than one value for this attribute, depending on the person's current affiliation.

Please note eduPersonScopedAffiliation is also affected. eduPersonScopedAffiliation will have the same value(s) as eduPersonAffiliation, with the scope attached.
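
An added example (not part of the original announcement and not UCLA's own code) of how a Service Provider application might consume these attributes as a set of values rather than as a single string. It assumes the values arrive as one semicolon-delimited string, which is how the Shibboleth SP exports multi-valued attributes, and that the scope is ucla.edu; the function names are hypothetical and the sample inputs are constructed.

```python
import re

EXPECTED_SCOPE = "ucla.edu"  # assumption: the scope is not stated on the page
KNOWN = {"student", "employee", "member", "affiliate"}  # values named on the page


def split_values(raw):
    """Split a delimited attribute string; '\\;' is an escaped semicolon."""
    if not raw:
        return []
    parts = re.split(r"(?<!\\);", raw)
    return [p.replace("\\;", ";").strip() for p in parts if p.strip()]


def affiliations(raw):
    """Return the set of recognised eduPersonAffiliation values."""
    return {v.lower() for v in split_values(raw)} & KNOWN


def scoped_affiliations(raw, scope=EXPECTED_SCOPE):
    """Return values from eduPersonScopedAffiliation whose scope matches."""
    out = set()
    for v in split_values(raw):
        value, sep, got_scope = v.rpartition("@")
        if sep and got_scope.lower() == scope and value.lower() in KNOWN:
            out.add(value.lower())
    return out


def is_authorized(raw, required):
    """Test membership in the value set, never equality with the raw string."""
    return required in affiliations(raw)


if __name__ == "__main__":
    # Constructed samples: an employee during the transition period, and a
    # person for whom only the redefined "affiliate" value is asserted.
    print(is_authorized("employee;member;affiliate", "employee"))  # True
    print(is_authorized("affiliate", "employee"))                  # False
    print(sorted(scoped_affiliations("member@ucla.edu;member@example.org")))
```

An application that previously compared the whole attribute against "affiliate" to mean "has a payroll entry" would move to checking for "employee" in the set, since "affiliate" is being redefined.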
