...

Note

SURFconext's SAML2 implementation adheres to the SAML2int standard 0.2.1.

In this section we will show you which attributes SURFconext and its Identity Providers have to offer.

...

Scoped Affiliation

urn:mace: urn:mace:dir:attribute-def:eduPersonScopedAffiliation
urn:oid: urn:oid:1.3.6.1.4.1.1466.115.121.1.15
Multiplicity: multi-valued
Data type: UTF8 String of the form affiliation@domain (see below)
Description:

Indicates the relationship between the user and the domain of his home organisation. The affiliation part must be one of the allowed values of the eduPersonAffiliation attribute (see definition right above).

The value is the role of the user and the domain name of the organisation. eduPersonScopedAffiliation can hence be defined as: <eduPersonAffiliation> "@" <schacHomeOrganization>. Just like eduPersonAffiliation, this is a multi-valued attribute.

The domain part must be the schacHomeOrganization of the user (or a subdomain thereof). 

Examples:
student@uniharderwijk.nl
faculty@uniharderwijk.nl
Notes:
  • This attribute is primarily a different way to convey the same information as is contained in eduPersonAffiliation and schacHomeOrganization. It's recommended to release this attribute next to eduPersonAffiliation and schacHomeOrganization, because some SPs ask for this attribute instead of the two separate ones.
  • If desired, this attribute can be used to describe the role of the user within a specific faculty, field, study or department that the user is part of. Because the attribute is multi-valued, a user can be a student at one and an employee at another department.
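
A Service Provider that makes authorisation decisions on this attribute should check both halves of every value against the rules above. The following is an added example, not SURFconext code: the function names and sample values are constructed for illustration, and the affiliation list is assumed to be the standard eduPerson vocabulary (use the allowed values from the eduPersonAffiliation definition if they differ).

```python
# Added example: SP-side validation of eduPersonScopedAffiliation values.
# Assumption: standard eduPerson affiliation vocabulary; replace with the
# allowed values from the eduPersonAffiliation definition where they differ.
ALLOWED_AFFILIATIONS = frozenset({
    "faculty", "student", "staff", "alum",
    "member", "affiliate", "employee", "library-walk-in",
})


def check_scoped_affiliation(value, home_org, allowed=ALLOWED_AFFILIATIONS):
    """Return (affiliation, scope) for an acceptable value, else raise ValueError."""
    if not home_org:
        raise ValueError("schacHomeOrganization is missing")
    if value.count("@") != 1:
        raise ValueError(f"expected affiliation@domain, got {value!r}")
    affiliation, scope = value.split("@")
    # Compared exactly, matching the lowercase form used in the examples.
    if affiliation not in allowed:
        raise ValueError(f"affiliation {affiliation!r} is not an allowed value")
    # Domain names are case-insensitive, so compare them in lower case.
    scope, home = scope.lower(), home_org.lower()
    # Accept the home organisation itself or a subdomain of it. Matching on
    # "." + home keeps look-alike domains that merely end in the same
    # characters from passing as subdomains.
    if not (scope == home or scope.endswith("." + home)):
        raise ValueError(f"scope {scope!r} is not {home!r} or a subdomain")
    return affiliation, scope


def filter_scoped_affiliations(values, home_org):
    """Split a multi-valued attribute into accepted pairs and rejected values."""
    accepted, rejected = [], []
    for value in values:
        try:
            accepted.append(check_scoped_affiliation(value, home_org))
        except ValueError as exc:
            rejected.append((value, str(exc)))
    return accepted, rejected


# Constructed sample of one user's attribute values (not real data).
SAMPLE = [
    "student@uniharderwijk.nl",
    "faculty@physics.uniharderwijk.nl",   # subdomain: accepted
    "student@eviluniharderwijk.nl",       # look-alike suffix: rejected
    "admin@uniharderwijk.nl",             # not an allowed affiliation
    "student",                            # no scope at all
]

if __name__ == "__main__":
    print(filter_scoped_affiliations(SAMPLE, "uniharderwijk.nl"))
```

Rejected values are returned with the reason so they can be logged rather than silently dropped.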

 

Entitlements

...