Versions Compared

Old Version 28

changes.mady.by.user Bas Zoetekouw

Saved on

compared with

New Version 29

changes.mady.by.user Bas Zoetekouw

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When a user logs in to a service provider, SURFconext sends a so-called SAML assertion to the service provider. This SAML assertion contains a number of statements about the user who is logging in to you service, including his identity, and possibly a number of additional attributes (see below).  More information about SAML can be found on this page.

On this page, we explain which attributes SURFconext and its identity providers can provide for the services.  A guide for identity providers, explaining which attributes should be released to SURFconext, is found elsewhere.

User identifiers

The user's identity is transmitted in the form of the NameId element of the SAML statement.  SPs should use the NameId (rather than email address, or other attributes that might change over time) to identify users.  The NameId is guaranteed to be stable and never change for a fixed user (except in the case of transient identifiers, see below).

...

The legacy format is not standardized, and currently has the type urn:oasis:names:tc:SAML:21.01:nameid-format:unspecified.

...

Friendly name

Attribute name

Definition

Data type

Example

ID

(NameId)
urn:oid:1.3.6.1.4.1.5923.1.1.1.10

eduPerson

UTF8 string
(unbounded)

bd09168cf0c2e675b2def0ade6f50b7d4bb4aae

Surname

urn:mace:dir:attribute-def:sn
urn:oid:2.5.4.4

X.520

UTF8 string
(unbounded)

Vermeegen
?

Given name

urn:mace:dir:attribute-def:givenName
urn:oid:2.5.4.42

X.520

UTF8 string
(unbounded)

Mërgim Lukáš
??

Common name

urn:mace:dir:attribute-def:cn
urn:oid:2.5.4.3

X.520

UTF8 String
(unbounded)

Prof.dr. Mërgim Lukáš Vermeegen
? ??, PhD.

Display name

urn:mace:dir:attribute-def:displayName
urn:oid:1.3.6.1.4.1.1466.115.121.1.15

RFC2798

UTF8 String
(unbounded)

Prof.dr. Mërgim L. Vermeegen
? ??, PhD.

Email address

urn:mace:dir:attribute-def:mail
urn:oid:0.9.2342.19200300.100.1.3

RFC4524

RFC-5322 address
(max 256 chars)

m.l.vermeegen@university.example.org
"very.unusual.@.unusual.com"@example.com
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6f2a1cc4d3bda86b-6099f4c1-49b745a5-8be3a987-d52462f55d33b084fba82996"><ac:plain-text-body><![CDATA[mlv@[IPv6:2001:db8::1234:4321]

]]></ac:plain-text-body></ac:structured-macro>

Organization

urn:mace:terena.org:attribute-def:schacHomeOrganization
urn:oid:1.3.6.1.4.1.25178.1.2.9

Schac

RFC-1035 domain string

university.example.org
 

Organization Type

urn:mace:terena.org:attribute-def:schacHomeOrganizationType
urn:oid:1.3.6.1.4.1.25178.1.2.10

Schac

RFC-2141 URN
see Schac standard

urn:mace:terena.org:schac:homeOrganizationType:int:university
urn:mace:terena.org:schac:homeOrganizationType:es:opi

Affiliation

urn:mace:dir:attribute-def:eduPersonAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.1

eduPerson

Enum type (UTF8 String)

faculty, student, staff, alum, member, affiliate, employee, library-walk-in

Entitlement

urn:mace:dir:attribute-def:eduPersonEntitlement
urn:oid:1.3.6.1.4.1.5923.1.1.1.7

eduPerson

RFC-2141 URN
Multi-valued

to be determined

PrincipalName

urn:mace:dir:attribute-def:eduPersonPrincipalName
urn:oid:1.3.6.1.4.1.5923.1.1.1.6

eduPerson

UTF8 String
user@domain

not.a@vålîd.émail.addreß
??@aninstitutionname

isMemberOf

urn:mace:dir:attribute-def:isMemberOf
urn:oid:1.3.6.1.4.1.5923.1.5.1.1

eduMember

RFC-2141 URN
Multi-valued

urn:collab:org:surf.nl
urn:collab:org:clarin.org

uid

urn:mace:dir:attribute-def:uid
urn:oid:1.3.6.1.4.1.1466.115.121.1.15

RFC4519

UTF8 String
(max 256 chars)

s9603145
flåp_example.edu

preferredLanguage

urn:mace:dir:attribute-def:preferredLanguage
urn:oid:2.16.840.1.113730.3.1.39

RFC2798

BCP47 language tag

nl-BE
en-US

...