~fkooman/php-saml-sp

09ea8ce14cd5dafbf65195775884f77cf10765be — François Kooman 2 months ago c0294d7
update FAQ
1 files changed, 20 insertions(+), 0 deletions(-)

M FAQ.md
M FAQ.md => FAQ.md +20 -0
@@ 11,6 11,26 @@ The attribute is filtered because:
   value, for example `eduPersonPrincipalName`, is not listed in the 
   `<shibmd:Scope>` element of the IdP metadata.

## Why does eduPersonTargetedID look so strange?

The default value for `eduPersonTargetedID` is "serialized" including the 
entity IDs of the IdP and SP, e.g. 
`https://idp.example.org/saml!https://sp.example.com/saml!5Poe7wINn4MQ9G`. 
Binding the user's identity to both the IdP and SP makes sense as the 
identifier is (persistently) unique for every IdP/SP combination.

However, if you want, you can change the "template" to not include these 
details. We have a setting in `/etc/php-saml-sp/config.php` called 
`targetedIdTemplate` that you can set. Examples:

```php
// default ("Shibboleth Style")
'targetedIdTemplate' => '{{IDP_ENTITY_ID}}!{{SP_ENTITY_ID}}!{{USER_ID}}',

// only the "User ID"
'targetedIdTemplate' => '{{USER_ID}}',
```

## How can I use my own SAML SP certificate(s) and key(s)?

Certificates for signing and encryption are created during the installation
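
Review bot: the `'{{USER_ID}}'` example under "only the User ID" needs a caveat, because the paragraph before it says the identifier is unique for every IdP/SP combination, and that only holds while both entity IDs are part of the value. With more than one IdP configured, an application that keys accounts on the bare value can no longer tell which IdP issued it, so two IdPs returning the same user ID would map to the same account. Suggest adding a sentence saying the short template is only appropriate with a single IdP, or when the application stores the IdP entity ID alongside the value, and that changing `targetedIdTemplate` on an existing deployment changes the identifier applications receive for users they already know. As a smaller style point, the two `'targetedIdTemplate' =>` lines sit in one `php` block; marking them as alternatives would stop a reader from pasting both into the config array.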