...
Now, when a user logs in to a Service Provider, SURFconext sends a SAML assertion to the Service Provider via the browser of the user, that contains a:
- User identifier. Al All services receive these and are either a configurable Transient or Persistent NameIDNameID (chosen via SP Dashboard).
and Additional attributes. These are optional and differ per Service.
...
Friendly name | Attribute name | Example |
---|---|---|
SAML NameID element | bd09168cf0c2e675b2def0ade6f50b7d4bb4aae | |
urn:mace:dir:attribute-def:sn | Doe Vermeegen | |
urn:mace:dir:attribute-def:givenName | John Mërgim Lukáš Þrúður | |
urn:mace:dir:attribute-def:cn | John Doe Prof.dr. Mërgim Lukáš Vermeegen 加来 千代, PhD. | |
urn:mace:dir:attribute-def:displayName | Dr. John Doe Prof.dr. Mërgim L. Vermeegen 加来 千代, PhD. | |
urn:mace:dir:attribute-def:mail | m.l.vermeegen@university.example.org maarten.'t.hart@uniharderwijk.nl "very.unusual.@.but valid.nonetheless"@example.com mlv@[IPv6:2001:db8::1234:4321] | |
urn:mace:terena.org:attribute-def:schacHomeOrganization | example.nl something.example.org | |
urn:mace:terena.org:attribute-def:schacHomeOrganizationType | urn:mace:terena.org:schac:homeOrganizationType:int:university urn:mace:terena.org:schac:homeOrganizationType:es:opi | |
Employee/student number | urn:schac:attribute-def:schacPersonalUniqueCode | urn:schac:personalUniqueCode:nl:local:example.edu:employeeid:x12-3456 urn:schac:personalUniqueCode:nl:local:example.nl:studentid:s1234567 |
urn:mace:dir:attribute-def:eduPersonAffiliation | employee, student, faculty, member, affiliate, pre-student | |
Scoped affiliation | urn:mace:dir:attribute-def:eduPersonScopedAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | student@uniharderwijk.nl employee@uniharderwijk.nl |
urn:mace:dir:attribute-def:eduPersonEntitlement | to be determined per service (see Standardized values for eduPersonEntitlement) | |
urn:mace:dir:attribute-def:eduPersonPrincipalName | piet.jønsen@example.edu not.a@vålîd.émail.addreß | |
urn:mace:dir:attribute-def:isMemberOf | urn:collab:org:surf.nl urn:collab:org:clarin.org | |
urn:mace:dir:attribute-def:uid | s9603145 flåp@example.edu | |
urn:mace:dir:attribute-def:preferredLanguage | nl nl, en-gb;q=0.8, en;q=0.7 | |
ORCID | urn:mace:dir:attribute-def:eduPersonORCID urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | http://orcid.org/0000-0002-1825-0097 |
Assurance | urn:mace:dir:attribute-def:eduPersonAssurance urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | https://refeds.org/assurance/ID/unique |
ECK ID | urn:mace:surf.nl:attribute-def:eckid | https://ketenid.nl/spv1/eacf3765ad342...cf3a11fe9cab2365f95da3e9965501f7c98e (Attribute made shorter for readability) |
SURF CRM ID | urn:mace:surf.nl:attribute-def:surf-crm-id | ad93daef-0911-e511-80d0-005056956c1a |
MS AuthnMethodsReferences | http://schemas.microsoft.com/claims/authnmethodsreferences | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport http://schemas.microsoft.com/claims/multipleauthn |
urn:mace:dir:attribute-def:ou urn:oid:2.5.4.11 | ICT Services | |
eduid | urn:mace:eduid.nl:1.1 | 658b6b41-7c13-431d-b3b4-663e9077c24c f4c9afe4-b9e1-42bb-92b8-047ac8711e29 |
...