Hello,
I have configured our VCL instance to support five different affiliations (in 
addition to Local and Global), each of which uses Shibboleth to authenticate. 
Everything works smoothly, but I'm wondering why the default configuration 
removes the .edu from the corresponding Shibboleth attribute (eppn) in order to 
construct the affiliation name? (See around line 113-116 in shibauth/index.php) 
The result is that group affiliation lists look like this:

user1@AMHERST
user2@MTHOLYOKE
user3@SMITH
etc.

Similarly, groups might look like this:

admin@AMHERST
chemistry@HAMPSHIRE
math@SMITH
math@UMASS
etc.

Was the intention simply to distinguish the user and group lists from actual 
email addresses? Clearly, the VCL user/group name + affiliation would not 
always map cleanly to a real email address, but I was wondering if there was 
any other reason for this choice.

Thanks,
Aaron Coburn


--
Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
(413) 542-5451 acob...@amherst.edu





Reply via email to