...
Expected attribute release
Attribute(s) | OID | Comment |
---|---|---|
transientId | | SAML2 session user identifier. |
eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | |
mail | 0.9.2342.19200300.100.1.3 | More than one address can be released, but Identity Providers are recommended to release only one. |
displayName and/or givenName and sn | 2.16.840.1.113730.3.1.241, | A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | |
...
Expected minimal attribute availability for release (only if required)
Attribute(s) | OID | Comment |
---|---|---|
transientId | | SAML2 session user identifier. |
eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | Only if required in Service Provider metadata! |
eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | Only if required in Service Provider metadata! |
mail | 0.9.2342.19200300.100.1.3 | Only if required in Service Provider metadata! More than one address can be released, but Identity Providers are recommended to release only one. |
displayName and/or cn | 2.16.840.1.113730.3.1.241, | Only if required in Service Provider metadata! A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | Only if required in Service Provider metadata! |
schacHomeOrganization | 1.3.6.1.4.1.25178.1.2.9 | Only if required in Service Provider metadata! |
schacHomeOrganizationType | 1.3.6.1.4.1.25178.1.2.10 | Only if required in Service Provider metadata! |
...
Expected attribute release when paired with a SWAMID Data Protection Entity Category
Attribute(s) | OID | Comment |
---|---|---|
transientId | | SAML2 session user identifier. |
eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | One or more Assurance Profiles for the user, if defined. See "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information. |
eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | |
mail | 0.9.2342.19200300.100.1.3 | More than one address can be released, but Identity Providers are recommended to release only one. |
displayName, cn and/or givenName and sn | 2.16.840.1.113730.3.1.241, | A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | |
o | 2.5.4.10 | |
norEduOrgAcronym | 1.3.6.1.4.1.2428.90.1.6 | |
c | 2.5.4.6 | |
co | 0.9.2342.19200300.100.1.43 | |
schacHomeOrganization | 1.3.6.1.4.1.25178.1.2.9 | |
...
Expected attribute release
Attribute | OID | Comment |
---|---|---|
transientId | | SAML2 session user identifier. |
eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | One or more Assurance Profiles for the user, if defined. See "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information. |
norEduPersonNIN | 1.3.6.1.4.1.2428.90.1.5 | Swedish government Personal Identity Number, Swedish government temporary Co-ordination number or Swedish National Admission system interim identity number. |
...
Most Identity Providers within SWAMID send the per Service Provider unique user identifier eduPersonTargetedID (OID 1.3.6.1.4.1.5923.1.1.1.10) and the SAML2 per-session user identifier transientId to all Service Providers.
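
The tables above note that a user's name can arrive as displayName, cn, or givenName and sn, and that mail may carry several values. The following is an added example (not part of the original page and not SWAMID or Shibboleth code) of Service Provider side handling that copes with each variant and keys the account on eduPersonTargetedID. It assumes the AttributeStatement comes from an assertion whose signature the SAML stack has already validated; the function names, the sample values and the `!`-joined key format are choices made for this example, and the OIDs for cn, sn and givenName are the standard LDAP ones, not taken from the tables.

```python
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
DISPLAY_NAME = "urn:oid:2.16.840.1.113730.3.1.241"
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
# Standard LDAP OIDs for cn, sn and givenName (not listed in the tables above).
CN, SN, GIVEN_NAME = "urn:oid:2.5.4.3", "urn:oid:2.5.4.4", "urn:oid:2.5.4.42"

def value_text(value):
    """Text of one AttributeValue. eduPersonTargetedID nests a NameID element,
    which is rendered here as IdP!SP!value so the key stays unique per pair."""
    name_id = value.find("saml:NameID", NS)
    if name_id is None:
        return (value.text or "").strip()
    return "!".join((name_id.get("NameQualifier", ""), name_id.get("SPNameQualifier", ""),
                     (name_id.text or "").strip()))

def attributes(statement_xml):
    """Map each attribute Name to its list of non-empty values."""
    out = {}
    for attr in ET.fromstring(statement_xml).iterfind(".//saml:Attribute", NS):
        values = [value_text(v) for v in attr.iterfind("saml:AttributeValue", NS)]
        out.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return out

def profile(attrs):
    """Resolve user key, name and mail however the Identity Provider released them."""
    def first(key):
        return (attrs.get(key) or [None])[0]
    name = first(DISPLAY_NAME) or first(CN)
    if name is None and first(GIVEN_NAME) and first(SN):
        name = f"{first(GIVEN_NAME)} {first(SN)}"
    # Several mail values may arrive; use the first and never treat mail as the key.
    return {"user_key": first(EPTID), "name": name, "mail": first(MAIL)}

# Constructed sample: no displayName, two mail values, nested NameID.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Anna</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Berg</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
  <saml:AttributeValue>anna@example.org</saml:AttributeValue>
  <saml:AttributeValue>a.berg@example.org</saml:AttributeValue>
 </saml:Attribute>
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"><saml:AttributeValue>
  <saml:NameID NameQualifier="https://idp.example.org" SPNameQualifier="https://sp.example.org">x9f2</saml:NameID>
 </saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    print(profile(attributes(SAMPLE)))
```

transientId is deliberately not used as the account key, since it changes with every session.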