[satosa-users] COmanage, Shibboleth, and SATOSA

So here's the next question, related to passing unmodified assertions from SATOSA to a SP, specifically COmanage and Shibboleth: What's the right way to bypass the scope checks Shibboleth usually performs on ePPN/ePTID/ePUID? I'm using the following PrimaryIdentifier configuration: ```yaml module: primary_identifier.PrimaryIdentifier name: PrimaryIdentifier config: ## look for identifiers in this order (first match wins) ordered_identifier_candidates: - attribute_names: - epuid - attribute_names: - eppn - name_id name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - attribute_names: - eppn - edupersontargetedid - attribute_names: - eppn - add_scope: issuer_entityid attribute_names: - name_id name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - add_scope: issuer_entityid attribute_names: - edupersontargetedid primary_identifier: "uid" clear_input_attributes: false ``` Best wishes, Matthew -- "The lyf so short, the craft so longe to lerne."