Hi,
Have you sent this to Nicole Harris? Based on the fact that personal certificates also require an eduPersonEntitlement, we've instructed all our members to do a manual configuration of automatic release of expected attributes.
Pål
From: Hildegunn Vada via Identity-talks identity-talks@lists.nordu.net
Sent: 14 November 2025 14:44
To: Jan Meijer via Identity-talks identity-talks@lists.nordu.net
Subject: [Identity-talks] Problems with Harica
Hi everyone,
I'm looking for input on how we can better handle the following situation:
IGTF Personal Certificates are used for user authentication in collaborations between CERN and Norwegian universities. To enable certificate issuance, Identity Providers in eduGAIN must release certain attributes - most importantly, eduPersonPrincipalName, which GEANT requires for IGTF Personal Certificates [1]. However, HARICA does not currently require this attribute, and Feide cannot release attributes that are not explicitly required. As a result, Sikt is unable to provide IGTF Personal Certificates to our customers.
The latest update we received from HARICA (on September 19) was: "This change is already in our plans, but we are also looking to introduce the 'subject-ID' attribute, which appears to be the optimal one for identity mapping. We are discussing internally how to prioritize this over other requested features."
For now, we are implementing a workaround for Norwegian universities, but it's disappointing that a certificate provider operating under a GEANT contract does not already support this. How can we apply more pressure on HARICA to prioritize this change?
[1] https://wiki.geant.org/pages/viewpage.action?spaceKey=TCSNT&title=TCS+20...
Thanks for any ideas - and wishing you all a great weekend ahead!
Hildegunn