Change the way the Shibboleth Identity is stored for EduPersonTargetedID
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Description
The string in the database for the matching of the GitLab Account to a Shibboleth Account is build up like this: <IdP URL>!<SP URL>!<ID> when EduPersonTargetedID is used (which is the default in Shibboleth for now). This causes problems for the coming migration to IdPv3 (IdPv2 has reached its EOL). The problem is that the string in the database contains the IdP URL. If this URL changes (e. g. for the upgrade to IdPv3, name changes of institute and so on) it has to be changed in every Identity before being able to log in to GitLab again.
Proposal
Save only the ID in the database and generate the complete EduPersonTargetedID on each Login. That way, IdP changes only require different settings in Shibboleth SP Settings (shibboleth2.xml).