Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Friendly name

Attribute name

S/M

Definition

Data type

Example

Anchor

	epti
	epti

(NameID)
urn:mace:dir:attribute-def:eduPersonTargetedID
urn:oid:1.3.6.1.4.1.5923.1.1.1.10

UTF8 string
(unbounded)

bd09168cf0c2e675b2def0ade6f50b7d4bb4aae

urn:mace:dir:attribute-def:sn
urn:oid:2.5.4.4

UTF8 string
(unbounded)

Vermeegen
?

urn:mace:dir:attribute-def:givenName
urn:oid:2.5.4.42

UTF8 string
(unbounded)

Mërgim Lukáš
??

urn:mace:dir:attribute-def:cn
urn:oid:2.5.4.3

UTF8 String
(unbounded)

Prof.dr. Mërgim Lukáš Vermeegen
? ??, PhD.

urn:mace:dir:attribute-def:displayName
urn:oid:2.16.840.1.113730.3.1.241

UTF8 String
(unbounded)

Prof.dr. Mërgim L. Vermeegen
? ??, PhD.

urn:mace:dir:attribute-def:mail
urn:oid:0.9.2342.19200300.100.1.3

RFC-5322 address
(max 256 chars)

m.l.vermeegen@university.example.org
"very.unusual.@.unusual.com"@example.com
mlv@[IPv6:2001:db8::1234:4321]

urn:mace:terena.org:attribute-def:schacHomeOrganization
urn:oid:1.3.6.1.4.1.25178.1.2.9

RFC-1035 domain string

university.example.org

Organization Type

urn:mace:terena.org:attribute-def:schacHomeOrganizationType
urn:oid:1.3.6.1.4.1.25178.1.2.10

RFC-2141 URN
see Schac standard

urn:mace:terena.org:schac:homeOrganizationType:int:university
urn:mace:terena.org:schac:homeOrganizationType:es:opi

urn:mace:dir:attribute-def:eduPersonAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.1

Enum type (UTF8 String)

faculty, student, staff, (alum, member, affiliate, employee, library-walk-in)

urn:mace:dir:attribute-def:eduPersonEntitlement
urn:oid:1.3.6.1.4.1.5923.1.1.1.7

RFC-2141 URN
Multi-valued

to be determined per service (see Standardized values for eduPersonEntitlement)

urn:mace:dir:attribute-def:eduPersonPrincipalName
urn:oid:1.3.6.1.4.1.5923.1.1.1.6

UTF8 String
user@domain

not.a@vålîd.émail.addreß
??@aninstitutionname

urn:mace:dir:attribute-def:isMemberOf
urn:oid:1.3.6.1.4.1.5923.1.5.1.1

RFC-2141 URN
Multi-valued

urn:collab:org:surf.nl
urn:collab:org:clarin.org

urn:mace:dir:attribute-def:uid
urn:oid:0.9.2342.19200300.100.1.1

UTF8 String
(max 256 chars)

s9603145
flåp@example.edu

preferredLanguage

urn:mace:dir:attribute-def:preferredLanguage
urn:oid:2.16.840.1.113730.3.1.39

List of BCP47 language tags

nl
nl, en-gb;q=0.8, en;q=0.7

eduPersonTargetedID

urn:mace:dir:attribute-def:eduPersonTargetedID
urn:oid:1.3.6.1.4.1.5923.1.1.1.10

UTF8 string
(unbounded)

24d66f51ac1c0b140e617af335b9abb4b8d88a5b

Note that not all identity providers might make all attributes available.

...

urn:mace	urn:mace:dir:attribute-def:uid
urn:oid	urn:oid:10.39.62342.119200300.4100.1.1466.115.121.1.15
Multiplicity	multi-valued
Description	The unique code for a person that is used as the login name within the institution.
Notes	The uid is not a unique identifier for SURFconext users. Uid values are at most unique for each IdP. Ideally the uid is not only a login name/code but also an identifier that is guaranteed as being unique within the institution over the course of time. At the moment, there is no such guarantee. Use the NameId for unique identifiers in SURFconext rather than uid. Use the eduPersonPrincipalName attribute if a human-readable unique identifier is required A uid may contain any unicode character. E.g., "`org:surfnet.nl:joe von stühl`" is a valid uid. SURFconext translates @-characters in the uid to underscores. Yes, this means that uids are not guaranteed to be unique.

...

urn:mace	urn:mace:dir:attribute-def:preferredLanguage
urn:oid	urn:oid:2.16.840.1.113730.3.1.39
Multiplicity	single-valued
Description	a two-letter abbreviation for the preferred language according to the ISO 639 language abbreviation code table; no subcodes.
Notes	Used to indicate an individual's preferred written or spoken language. This is useful for international correspondence or human-computer interaction. Values for this attribute type MUST conform to the definition of the Accept-Language header field defined in RFC 2068 with one exception: ?the value "`:`" should be omitted.

EduPersonTargetedID

urn:mace	urn:mace:dir:attribute-def:eduPersonTargetedID
urn:oid	urn:oid:1.3.6.1.4.1.5923.1.1.1.10
Multiplicity	single-valued
Description	The attribute eduPersonTargetedID is a copy of the Subject -> NameID which is generated by SURFconext itself. When an Identity Provider provides the eduPersonTargetedID itself, it is always overwritten by SURFconext.
Notes	This attribute is created because the Subject -> NameID itself is not part of the SAML v2.0 response and therefore can not be used. Within SURFconext the Subject -> NameID is explicitly placed in the attribute eduPersonTargetedID, so that you can use it.