
Download SWAMID standard attribute-map.xml.

 

<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!--
    SWAMID standard attribute-map.xml for SAML 2.0
    ==============================================
    The mappings are either agreed upon within the Shibboleth community or taken directly from
    LDAP attribute names.

    At the end there are some SAML 1.1 attribute definitions that you usually don't need. If you
    need them, uncomment them.

    Version: 2015-11-10

    REMEMBER to notify the SWAMID saml-admins list when updating this file!
    -->

    <!--
        Persistent identifier that supports personalized anonymous access. Two wire forms are
        mapped to the same local id, "persistent-id". The formatter joins NameQualifier,
        SPNameQualifier and Name with "!", and defaultQualifiers="true" fills in a missing
        qualifier, so the exported value names the asserting IdP and the target SP as well as
        the opaque name. Applications should store and compare the whole string, never only
        the last component.
    -->
    <!-- Form 1: the eduPerson attribute with an OID-style name. -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder"
                          formatter="$NameQualifier!$SPNameQualifier!$Name"
                          defaultQualifiers="true"/>
    </Attribute>
    <!-- Form 2: the SAML 2.0 NameID with the persistent format. -->
    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder"
                          formatter="$NameQualifier!$SPNameQualifier!$Name"
                          defaultQualifiers="true"/>
    </Attribute>

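    <!-- eduPerson attributes until version 201310 -->
    <!--
        Values of the form value@scope are decoded with ScopedAttributeDecoder so that the SP
        sees the scope as a separate component. This file only decodes. Whether an IdP may
        assert a given scope is decided by the scope rules in the SP's attribute-policy.xml,
        which is not part of this file. Confirm that every scoped id below is covered there
        before an application uses it for authorization.
    -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" id="prior-eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <!-- Affiliation values are compared without regard to case. -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/>
    <!--
        eduPersonUniqueId is defined as uniqueID@scope, so it is decoded as a scoped value in
        the same way as eppn. Decoded as a plain string, its scope could not be checked
        against the scopes registered for the asserting IdP. The exported string keeps the
        value@scope form.
    -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" id="unique-id">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>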

    <!-- eduPerson ORCID attribute (experimental) -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" id="orcid"/>

    <!-- eduMember attributes until version 200507 -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/>

    <!-- eduCourse attributes until version 200507 -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>

    <!--
        Attributes from the Nordic LDAP schema norEdu* until version 1.6, listed in OID order
        so the list is easy to audit against the schema. Every value is mapped as a plain
        string. norEduPersonNIN, norEduPersonLIN, norEduPersonBirthDate and
        norEduPersonLegalName carry personal identity data; an SP that does not need one of
        them can delete its line, and the value is then not exported to the application.
    -->
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.1" id="norEduOrgUniqueNumber"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.2" id="norEduOrgUnitUniqueNumber"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.3" id="norEduPersonBirthDate"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.4" id="norEduPersonLIN"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.5" id="norEduPersonNIN"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.6" id="norEduOrgAcronym"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.7" id="norEduOrgUniqueIdentifier"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.8" id="norEduOrgUnitUniqueIdentifier"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.10" id="norEduPersonLegalName"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.12" id="norEduOrgNIN"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.13" id="norEduPersonServiceAuthnLevel"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.14" id="norEduPersonAuthnMethod"/>

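    <!-- Attributes from the European SCHema for ACademia (SCHAC) until version 1.5.0 -->
    <!--
        The names carry the urn:oid: prefix like every other SAML 2.0 entry in this file. The
        SP matches the name string literally, so a bare OID does not match an attribute
        released under its urn:oid: name and the value would be skipped as unmapped.
        schacDateOfBirth, schacGender, schacPersonalUniqueCode and schacPersonalUniqueID carry
        personal data; delete the lines a service does not need.
    -->
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.1" id="schacMotherTongue"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.2" id="schacGender"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.3" id="schacDateOfBirth"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.4" id="schacPlaceOfBirth"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.5" id="schacCountryOfCitizenship"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.6" id="schacSn1"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.7" id="schacSn2"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.8" id="schacPersonalTitle"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.10" id="schacHomeOrganizationType"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.11" id="schacCountryOfResidence"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.12" id="schacUserPresenceID"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.13" id="schacPersonalPosition"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.14" id="schacPersonalUniqueCode"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.15" id="schacPersonalUniqueID"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.17" id="schacExpiryDate"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.18" id="schacUserPrivateAttribute"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.19" id="schacUserStatus"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.20" id="schacProjectMembership"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.21" id="schacProjectSpecificRole"/>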

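    <!-- Attributes from the late Swedish Alliance for Middleware Infrastructure (SWAMI) -->
    <!--
        The names carry the urn:oid: prefix so that they follow the same form as the other
        SAML 2.0 entries in this file; a bare OID is matched literally and would not match an
        attribute released under its urn:oid: name.
        NOTE(review): confirm against the name the Identity Providers actually release.
    -->
    <!-- GMAI authorization tuples, mostly sent as eduPersonEntitlement (entitlement above) -->
    <Attribute name="urn:oid:1.2.752.104.2.3.1" id="swamiGmaiAssertion"/>
    <!-- Unique identifier for billing recipients -->
    <Attribute name="urn:oid:1.2.752.104.3.1.1" id="swamiBillingIdentifier"/>
    <!-- Identifies the recipient of a monetary transfer within a single financial system -->
    <Attribute name="urn:oid:1.2.752.104.3.1.2" id="swamiCostCenterIdentifier"/>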
	
    <!--
        Examples of standard LDAP-based attributes, grouped by subject. All are mapped as plain
        strings with no scope, so nothing in this file ties a value to the asserting IdP.
        uid and mail in particular are not guaranteed to be unique across Identity Providers;
        use eppn or persistent-id when an application needs a key for a user.
    -->

    <!-- Person names -->
    <Attribute name="urn:oid:2.5.4.3" id="cn"/>
    <Attribute name="urn:oid:2.5.4.4" id="sn"/>
    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
    <Attribute name="urn:oid:2.5.4.43" id="initials"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>

    <!-- Account and contact details -->
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
    <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/>
    <Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/>

    <!-- Employment and role -->
    <Attribute name="urn:oid:2.5.4.12" id="title"/>
    <Attribute name="urn:oid:2.5.4.13" id="description"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.4" id="employeeType"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/>
    <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/>
    <Attribute name="urn:oid:2.5.4.34" id="seeAlso"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/>

    <!-- Organization -->
    <Attribute name="urn:oid:2.5.4.10" id="o"/>
    <Attribute name="urn:oid:2.5.4.11" id="ou"/>

    <!-- Postal address and location -->
    <Attribute name="urn:oid:2.5.4.9" id="street"/>
    <Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/>
    <Attribute name="urn:oid:2.5.4.17" id="postalCode"/>
    <Attribute name="urn:oid:2.5.4.7" id="l"/>
    <Attribute name="urn:oid:2.5.4.8" id="st"/>
    <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
    <Attribute name="urn:oid:2.5.4.6" id="countryName"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.43" id="friendlyCountryName"/>


	
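	<!-- Old SAML 1.1 attribute definitions not within SWAMID because all Identity Providers are SAML2 -->
	<!-- ============================================================================================= -->
    <!--
        Note for maintainers: an XML comment may not contain a double hyphen and comments
        cannot be nested. The separator above and the disabled blocks below are written so
        that the file stays well-formed and the SP can load it.
    -->
    <!-- A persistent id attribute that supports personalized anonymous access encoded via SAML 1.1. -->
    <!-- First, the deprecated/incorrect version, decoded as a scoped string: -->
    <!--
    <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    -->
    <!-- Alternative decoder for the targeted-id definition above, kept for reference:
        <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
    -->
    <!-- Second, an alternate decoder that will decode the incorrect form into the newer form. -->
    <!--
    <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
    </Attribute>
    -->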
    
    <!-- eduPerson SAML 1.1 defined attributes until version 201203 -->
    <!--
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/>
    -->

    <!-- SAML 1.1 defined attributes from the Nordic LDAP schema norEdu* until version 1.6 -->
    <!--
	<Attribute name="urn:mace:dir:attribute-def:norEduPersonLegalName" id="norEduPersonLegalName"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduPersonNIN" id="norEduPersonNIN"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduPersonLIN" id="norEduPersonLIN"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduOrgAcronym" id="norEduOrgAcronym"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduPersonBirthDate" id="norEduPersonBirthDate"/>
    <Attribute name="urn:mace:dir:attribute-def:norEduPersonServiceAuthnLevel" id="norEduPersonServiceAuthnLevel"/>
    <Attribute name="urn:mace:dir:attribute-def:norEduPersonAuthnMethod" id="norEduPersonAuthnMethod"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier" id="norEduOrgUniqueIdentifier"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier" id="norEduOrgUnitUniqueIdentifier"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduOrgNIN" id="norEduOrgNIN"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduOrgUniqueNumber" id="norEduOrgUniqueNumber"/>
	<Attribute name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber" id="norEduOrgUnitUniqueNumber"/>
    -->

    <!-- Examples of standard LDAP-based SAML 1.1 defined attributes -->
    <!--
    <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/>
    <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/>
    <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
    <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
    <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
    <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
    <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/>
    <Attribute name="urn:mace:dir:attribute-def:title" id="title"/>
    <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/>
    <Attribute name="urn:mace:dir:attribute-def:description" id="description"/>
    <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/>
    <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/>
    <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/>
    <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/>
    <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/>
    <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/>
    <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/>
    <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/>
    <Attribute name="urn:mace:dir:attribute-def:street" id="street"/>
    <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/>
    <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/>
    <Attribute name="urn:mace:dir:attribute-def:st" id="st"/>
    <Attribute name="urn:mace:dir:attribute-def:l" id="l"/>
    <Attribute name="urn:mace:dir:attribute-def:o" id="o"/>
    <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/>
    <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/>
    <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/>
    -->
	
</Attributes>