...
- There are a variety of issues related to attribute management in the problem space of account linking. The document linked above discusses a variety of use cases around account linking.
Social2SAML Gateways
- Universities are showing increased interest in allowing certain classes of potential users to authenticate via Social IdPs (Twitter, Facebook, Gmail, Yahoo,...) and access SAML-protected services and resources. The only path open at present is to rely on a Social2SAML gateway of some sort that authenticates a user via a social IdP and then transforms that into a SAML authentication and attribute assertion. Since multiple gateways already exist, there are multiple ways the transformation is being accomplished. There is wide agreement that gateways are always a sub-optimal solution, but they are hard to get rid of once usage is entrenched. The ideal would be to include multiple protocol support in the native SP package.