...
In this configuration, the ePTID and ePPN attributes are computed by the Gateway as follows. The ePPN computed by the Gateway is:
ePPN: user+gmail.com@gateway.incommon.org
The ePTID is set to the following triple:
...
To avoid such a configuration (which defeats the purpose of scoped attributes), in Configuration 2 the Gateway can assert an ePPN with a fixed scope (such as “@gateway.incommon.org”). In this case, no configuration at the SP is necessary since the SP performs normal scoped attribute checking based on a fixed set of <shibmd:Scope> elements in Gateway metadata. In the above example, there will be one such <shibmd:Scope> element in Gateway metadata, namely:
<shibmd:Scope regexp="false">gateway.incommon.org</shibmd:Scope>
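The scoped attribute check described above, sketched as an added example (not code from the original page or from the Shibboleth SP): it reads the <shibmd:Scope> elements from a metadata fragment and accepts an ePPN only if its scope is listed. The metadata fragment, its entityID, the function names, and the rule that a value must contain exactly one "@" are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

SHIBMD_NS = "urn:mace:shibboleth:metadata:1.0"

# Constructed metadata fragment; the entityID is a placeholder.
GATEWAY_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    entityID="https://gateway.example.org/idp">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope regexp="false">gateway.incommon.org</shibmd:Scope>
    </md:Extensions>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def load_scopes(metadata_xml):
    """Return [(value, is_regexp)] for every shibmd:Scope in the metadata."""
    root = ET.fromstring(metadata_xml)
    scopes = []
    for el in root.iter(f"{{{SHIBMD_NS}}}Scope"):
        # regexp is an xsd:boolean; it defaults to false when absent.
        is_regexp = el.get("regexp", "false").strip().lower() in ("true", "1")
        scopes.append(((el.text or "").strip(), is_regexp))
    return scopes


def scope_allowed(value, scopes):
    """True if the scoped value's scope matches one of the metadata scopes."""
    # Assumption of this example: exactly one '@', so consumers that split
    # on the first or the last '@' cannot disagree about the scope.
    if value.count("@") != 1:
        return False
    local, scope = value.split("@")
    if not local or not scope:
        return False
    for allowed, is_regexp in scopes:
        # Literal scopes must match exactly; regexp scopes must match the
        # whole scope, so a suffix cannot be appended to a matching prefix.
        if is_regexp and re.fullmatch(allowed, scope):
            return True
        if not is_regexp and scope == allowed:
            return True
    return False
```
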
...