Jump to:

Overview

cn is a user attribute defined in RFC4519→ (Lightweight Directory Access Protocol (LDAP): Schema for User Applications). From RFC4519: "The cn (commonName in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name."

OID	2.5.4.3
LDAP Syntax	Directory String
# of Values	multi-valued
References	eduPerson →, RFC4519 →

Use in the InCommon Federation

cn is commonly used to transmit a person's full name. As it is a multi-valued attribute, some IdPs may send multiple permutations of the person's name in the cn attribute.

SAML Response Example

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"         
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                ID="...." Version="2.0" IssueInstant="2020-07-17T01:01:48Z" 
                Destination="...." InResponseTo="....">
 ...
 <saml:Assertion ...>
  ...
  <saml:AttributeStatement>
  <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                    Name="urn:oid:2.5.4.3" 
                    FriendlyName="cn"
                    x500:Encoding="LDAP">
    <saml:AttributeValue xsi:type="xs:string">Mary Jane Chang</saml:AttributeValue>
    <saml:AttributeValue xsi:type="xs:string">Chang, Mary Jane</saml:AttributeValue>
  </saml:Attribute>
  ...
 </saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>

Working with user data

Get help

Can't find what you are looking for?

help Ask the community

Page tree

Overview

Use in the InCommon Federation

SAML Response Example

Working with user data

Related content

Get help

Page tree

user-attr-cn

Overview

Use in the InCommon Federation

SAML Response Example

Working with user data

Related content

Get help