Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attribute overview

SURFconext supported supports relaying of the following attributes:

Friendly name

Attribute name

Definition

Data type

Example

ID

(NameID)
urn:mace:dir:attribute-def:eduPersonTargetedID
urn:oid:1.3.6.1.4.1.5923.1.1.1.10

eduPerson (1)

UTF8 string
(unbounded)

bd09168cf0c2e675b2def0ade6f50b7d4bb4aae

Surname

urn:mace:dir:attribute-def:sn
urn:oid:2.5.4.4

X.520

UTF8 string
(unbounded)

Doe

Vermeegen
孝慈

Given name or first name

urn:mace:dir:attribute-def:givenName
urn:oid:2.5.4.42

X.520

UTF8 string
(unbounded)

John

Mërgim Lukáš

Þrúður

Common name or Full Name

urn:mace:dir:attribute-def:cn
urn:oid:2.5.4.3

X.520

UTF8 String
(unbounded)

John Doe

Prof.dr. Mërgim Lukáš Vermeegen

加来 千代, PhD.

Display name

urn:mace:dir:attribute-def:displayName
urn:oid:2.16.840.1.113730.3.1.241

RFC2798

UTF8 String
(unbounded)

Dr. John Doe

Prof.dr. Mërgim L. Vermeegen

加来 千代, PhD.

Email address

urn:mace:dir:attribute-def:mail
urn:oid:0.9.2342.19200300.100.1.3

RFC4524

RFC-5322 address
(max 256 chars)

m.l.vermeegen@university.example.org

maarten.'t.hart@uniharderwijk.nl 

"very.unusual.@.but valid.nonetheless"@example.com

mlv@[IPv6:2001:db8::1234:4321]

Organization

urn:mace:terena.org:attribute-def:schacHomeOrganization
urn:oid:1.3.6.1.4.1.25178.1.2.9

Schac

RFC-1035 domain string

example.nl

something.example.org  

Organization Type

urn:mace:terena.org:attribute-def:schacHomeOrganizationType
urn:oid:1.3.6.1.4.1.25178.1.2.10

Schac

RFC-2141 URN
see Schac standard  

urn:mace:terena.org:schac:homeOrganizationType:int:university

urn:mace:terena.org:schac:homeOrganizationType:es:opi

Employee/student number

urn:schac:attribute-def:schacPersonalUniqueCode
urn:oid:1.3.6.1.4.1.25178.1.2.14

Schac

RFC-2141 URN
see SURFnet registry 

urn:schac:personalUniqueCode:nl:local:example.edu:employeeid:x12-3456

urn:schac:personalUniqueCode:nl:local:example.nl:studentid:s1234567

Affiliation

urn:mace:dir:attribute-def:eduPersonAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.1

eduPerson (1)

Enum type (UTF8 String)

employee, student, faculty, member, affiliate, pre-student

(staff is deprecated; library-walk-in, alum are not allowed)

Scoped affiliationurn:mace:dir:attribute-def:eduPersonScopedAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.9
eduPerson (1)UTF8 String
user@domain

student@uniharderwijk.nl

employee@uniharderwijk.nl

Entitlement

urn:mace:dir:attribute-def:eduPersonEntitlement
urn:oid:1.3.6.1.4.1.5923.1.1.1.7

eduPerson (1)

RFC-2141 URN
Multi-valued

to be determined per service (see Standardized values for eduPersonEntitlement)

PrincipalName

urn:mace:dir:attribute-def:eduPersonPrincipalName
urn:oid:1.3.6.1.4.1.5923.1.1.1.6

eduPerson (1)

UTF8 String
user@scope

piet.jønsen@example.edu

not.a@vålîd.émail.addreß

isMemberOf

urn:mace:dir:attribute-def:isMemberOf
urn:oid:1.3.6.1.4.1.5923.1.5.1.1

eduMember

RFC-2141 URN
Multi-valued

urn:collab:org:surf.nl

urn:collab:org:clarin.org

uid

urn:mace:dir:attribute-def:uid
urn:oid:0.9.2342.19200300.100.1.1

RFC4519

UTF8 String
(max 256 chars)

s9603145

flåp@example.edu

preferredLanguage

urn:mace:dir:attribute-def:preferredLanguage
urn:oid:2.16.840.1.113730.3.1.39

RFC2798
BCP47

List of BCP47 language tags

nl

nl, en-gb;q=0.8, en;q=0.7

ORCID

urn:mace:dir:attribute-def:eduPersonORCID

urn:oid:1.3.6.1.4.1.5923.1.1.1.16

eduPerson (1)

URL registered

with ORCID.org

http://orcid.org/0000-0002-1825-0097
ECK ID

urn:mace:surf.nl:attribute-def:eckid

SURF / Edu-KURL conform Edu-K specificationhttps://ketenid.nl/spv1/eacf3765ad342...cf3a11fe9cab2365f95da3e9965501f7c98e (Attribute made shorter for readability)
SURF CRM IDurn:mace:surf.nl:attribute-def:surf-crm-idSURFGUID of the instiution as used in SURF CRMad93daef-0911-e511-80d0-005056956c1a
MS AuthnMethodsReferenceshttp://schemas.microsoft.com/claims/authnmethodsreferencesMicrosoftURIurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
http://schemas.microsoft.com/claims/multipleauthn

Note that not all identity providers might make all attributes available.

...

urn:mace

urn:mace:surf.nl:attribute-def:surf-crm-id

urn:oid

urn:oid:1.3.6.1.4.1.1076.20.100.10.50.2

Multiplicity

single-valued

Data type

Microsoft GUID

Description 

GUID of the organization to which the IdP belongs, as used in the SURF CRM.

Examples

ad93daef-0911-e511-80d0-005056956c1a

Notes

SURF specific and only to be used by SURF SPs that have to interface with the SURF CRM.

Only to be used after consultation with SURFnet.

Anchor
authnmethodsreferences
authnmethodsreferences
MS AuthnMethodsReferences

Name

http://schemas.microsoft.com/claims/authnmethodsreferences

Multiplicity

multi-valued

Data type

URI

Description

The AuthnContext-referenties involved in authenticating the current user on their home IdP.

Examples

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
http://schemas.microsoft.com/claims/multipleauthn

Opmerkingen 

  • Exclusively for use between IdPs and SURFconext; not available to SPs.
  • Used when the institution has a Microsoft ADFS IdP, to communicate the used MFA method to SURFconext. Not needed or useful when this functionality is not used by the institution in question.
  • No other uses. For comparable but more generic SAML 2.0-functionality, see the AuthnContextClassRef sent in each assertion.