Hello, I have configured our VCL instance to support five different affiliations (in addition to Local and Global), each of which uses Shibboleth to authenticate. Everything works smoothly, but I'm wondering why the default configuration removes the .edu from the corresponding Shibboleth attribute (eppn) in order to construct the affiliation name? (See around line 113-116 in shibauth/index.php) The result is that group affiliation lists look like this:
user1@AMHERST user2@MTHOLYOKE user3@SMITH etc. Similarly, groups might look like this: admin@AMHERST chemistry@HAMPSHIRE math@SMITH math@UMASS etc. Was the intention simply to distinguish the user and group lists from actual email addresses? Clearly, the VCL user/group name + affiliation would not always map cleanly to a real email address, but I was wondering if there was any other reason for this choice. Thanks, Aaron Coburn -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College (413) 542-5451 acob...@amherst.edu
