SAML : support eduPersonTargetedID attributes
Summary
When LemonLDAP::NG acts as a SAML2 IDP, it should be able to deliver the eduPersonTargetedID attribute. This attribute is widely used within the Inter Research and Educational Federation, see:
- https://www.switch.ch/aai/support/documents/attributes/edupersontargetedid/
- https://services.renater.fr/documentation/supann/supann2020/recommandations2020/attributs/edupersontargetedid
This attribute is based on the
- SP entityId
- IDP entityID
- user ID
See the example value on the French website.
Design proposal
I have no idea of the implementation and complexity.
One solution is to allow LemonLDAP to get the entityID of both the IDP and the SP during the SAML session. Based on those fetched values, we could use the macro system, like:
idpEntityID."!".idpEntitySP."!".$userPrincipaleName
or
idpEntityID."!".idpEntitySP."!".encrypt($userPrincipaleName)
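
The value format proposed above, as an added Perl example (not LemonLDAP::NG code and not written by the issue author): it builds the `IdP!SP!opaque` string and uses HMAC-SHA256 as a stand-in for the `encrypt()` step, keyed over the IDP, SP and user so that the opaque part differs for each SP. The secret, the entityIDs, the user ID and the `targeted_id` function name are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not LemonLDAP::NG code. All names and values are constructed.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Build "<IDP entityID>!<SP entityID>!<opaque>" for one user at one SP.
sub targeted_id {
    my ( $secret, $idp, $sp, $user ) = @_;

    for my $part ( $secret, $idp, $sp, $user ) {
        die "empty component\n" unless defined $part && length $part;
    }

    # "!" is the field separator, so it must not occur inside an entityID.
    for my $entity ( $idp, $sp ) {
        die "entityID contains '!': $entity\n" if index( $entity, '!' ) >= 0;
    }

    # Keyed hash over IDP, SP and user: stable for a given SP, different
    # across SPs, and not reversible to the user ID without the secret.
    # Fields are NUL-joined so ("ab","c") and ("a","bc") cannot collide.
    my $opaque = hmac_sha256_hex( join( "\0", $idp, $sp, $user ), $secret );

    return join '!', $idp, $sp, $opaque;
}

my $secret = 'constructed-demo-secret';    # assumption: secret held by the IDP
my $idp    = 'https://idp.example.org/saml/metadata';
my @sps    = (
    'https://sp1.example.com/shibboleth',
    'https://sp2.example.net/shibboleth',
);
my $user = 'alice@example.org';

my @ids = map { targeted_id( $secret, $idp, $_, $user ) } @sps;
print "$_\n" for @ids;

# Persistence: the same inputs always give the same value.
my $again = targeted_id( $secret, $idp, $sps[0], $user );
print 'stable for same SP: ', ( $again eq $ids[0] ? 'yes' : 'no' ), "\n";

# Non-correlation: the opaque field differs between the two SPs.
my @opaque = map { ( split /!/ )[2] } @ids;
print 'opaque differs across SPs: ',
  ( $opaque[0] ne $opaque[1] ? 'yes' : 'no' ), "\n";
```

Changing the secret changes every identifier already released to SPs, so in this sketch it has to stay fixed for the lifetime of the identifiers.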