09ea8ce14cd5dafbf65195775884f77cf10765be — Fran├žois Kooman 2 months ago c0294d7
update FAQ
1 files changed, 20 insertions(+), 0 deletions(-)

M FAQ.md
M FAQ.md => FAQ.md +20 -0
@@ 11,6 11,26 @@ The attribute is filtered because:
   value, for example `eduPersonPrincipalName`, is not listed in the 
   `<shibmd:Scope>` element of the IdP metadata.

## Why does eduPersonTargetedID look so strange?

The default value for `eduPersonTargetedID` is "serialized" including the 
entity IDs of the IdP and SP, e.g. 
Binding the user's identity to both the IdP and SP makes sense as the 
identifier is (persistently) unique for every IdP/SP combination.

However, if you want, you can change the "template" to not include these 
details. We have a setting in `/etc/php-saml-sp/config.php` called 
`targetedIdTemplate` that you can set. Examples:

// default ("Shibboleth Style")
'targetedIdTemplate' => '{{IDP_ENTITY_ID}}!{{SP_ENTITY_ID}}!{{USER_ID}}',

// only the "User ID"
'targetedIdTemplate' => '{{USER_ID}}',

## How can I use my own SAML SP certificate(s) and key(s)?

Certificates for signing and encryption are created during the installation