Shibboleth - 1.3.2.3. Shibboleth login with persistent-id header and email available

[kosarko]

Expectation

Use idp2 and “anon” as the username; the user should be logged in successfully, be in the “Authenticated” and “IDP2” groups (there’s no mapping for the unscoped-affiliation with value “student”), the netid column should be filled in.

Actual

the netid column should be filled in. -> it's not. No mention of config; but when netid-header = eppn,persistent-id...
(other parts not tested, yet)

[milanmajchrak]

@kosarko
I managed to sign in successfully as the 'anon' user, but the user was only assigned to the 'Authenticated' group and not to 'IDP2'. The netid of the anon user after login looks like this: anon@example.org[https://idptestbed/idp/shibboleth]
Is it OK?

I tested it on our our dev5 testing environment.

[kosarko]

@milanmajchrak the entityId of idp2 is https://someother/idp/shibboleth (https://github.com/ufal/dockerized-idp-testbed/blob/b3d95d05bcfd8a6080699051df7e85942493cfd3/idp2/shibboleth-idp/conf/idp.properties#L5). So it seems you've logged in through idp1