Thank you both, Niels and Scott! I think I understand now:
1. If I were to pass ePUID/ePPN/ePTID/etc. to Shibboleth (COmanage), I
would need to recapitulate in Shibboleth the identifier
selection/composition logic implemented by PrimaryIdentifier.
2. Since I'm using the PrimaryIdentifier micro service, the proper
identifier is already in the `uid` SATOSA internal attribute.
3. I can map the `uid` internal attribute to an unscoped SAML attribute
via internal_attributes.yaml.
4. Because I previously reverted to the default name_form of
`urn:oasis:names:tc:SAML:2.0:attrname-format:uri`, if I map the `uid`
internal attribute to the `uid` SAML attribute, SATOSA/pysaml2 will emit
the urn:oid:0.9.2342.19200300.100.1.1 attribute from the saml_uri map,
not the urn:mace:dir:attribute-def:uid attribute from the basic map.
Part of what confused me so much was the process of mapping a SATOSA
internal attribute to a pysaml2 friendly name and mapping a pysaml2
friendly name to a SAML attribute name, the latter of which depends on the
SAML attribute name format.
Thanks again!
Matthew
--
I FIGHT FOR THE USERS
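The two-stage mapping summarised in points 3 and 4 above (internal attribute to pysaml2 friendly name via internal_attributes.yaml, then friendly name to SAML attribute Name via the map selected by name_form), modelled as an added example that is not SATOSA or pysaml2 code. The attribute maps and the internal_attributes section are constructed subsets, and the rule of taking the first friendly name the chosen map knows is an assumption of this model.

```python
"""Model of SATOSA's two-stage attribute mapping for the `uid` case.

Stage 1: internal_attributes.yaml maps a SATOSA internal attribute to one
or more pysaml2 friendly names.  Stage 2: the configured name_form selects
which pysaml2 attribute map (saml_uri or basic) turns that friendly name
into the on-the-wire SAML attribute Name.  Added model, not SATOSA code.
"""
import xml.etree.ElementTree as ET

URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed subset of pysaml2's saml_uri and basic maps: friendly name -> Name
ATTRIBUTE_MAPS = {
    URI_FORMAT: {"uid": "urn:oid:0.9.2342.19200300.100.1.1",
                 "mail": "urn:oid:0.9.2342.19200300.100.1.3"},
    BASIC_FORMAT: {"uid": "urn:mace:dir:attribute-def:uid",
                   "mail": "urn:mace:dir:attribute-def:mail"},
}

# Constructed 'attributes' section of internal_attributes.yaml, as a dict:
# internal attribute name -> {"saml": [friendly names]}
INTERNAL_ATTRIBUTES = {
    "uid": {"saml": ["uid"]},
    "mail": {"saml": ["mail", "email"]},
}

def resolve_saml_name(internal_name, name_format, internal_attributes=INTERNAL_ATTRIBUTES):
    """Return (friendly_name, saml_name) for an internal attribute.

    Raises KeyError when the internal attribute is unmapped or none of its
    friendly names exists in the map for the requested name format.
    """
    friendly_names = internal_attributes[internal_name]["saml"]
    attr_map = ATTRIBUTE_MAPS[name_format]
    for friendly in friendly_names:          # assumption: first known name wins
        if friendly in attr_map:
            return friendly, attr_map[friendly]
    raise KeyError(f"no {name_format} mapping for {internal_name!r} via {friendly_names}")

def build_attribute(internal_name, value, name_format=URI_FORMAT):
    """Render the SAML Attribute element that would be emitted, as a string."""
    friendly, name = resolve_saml_name(internal_name, name_format)
    ns = "urn:oasis:names:tc:SAML:2.0:assertion"
    attr = ET.Element(f"{{{ns}}}Attribute",
                      {"Name": name, "NameFormat": name_format, "FriendlyName": friendly})
    ET.SubElement(attr, f"{{{ns}}}AttributeValue").text = value
    return ET.tostring(attr, encoding="unicode")

if __name__ == "__main__":
    print(build_attribute("uid", "jdoe"))            # urn:oid name, uri format
    print(build_attribute("uid", "jdoe", BASIC_FORMAT))  # urn:mace name, basic format
```

Switching name_format is the only change between the two calls, which is why the same internal_attributes.yaml entry yields the urn:oid name under the uri format and the urn:mace name under the basic format.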