Jump to: 

Overview

cn is a user attribute defined in RFC4519 (Lightweight Directory Access Protocol (LDAP): Schema for User Applications). From RFC4519: "The cn (commonName in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name."


OID2.5.4.3
LDAP Syntax

Directory String

# of Valuesmulti-valued
ReferenceseduPerson, RFC4519

Use in the InCommon Federation

cn is commonly used to transmit a person's full name. As it is a multi-valued attribute, some IdPs may send multiple permutations of the person's name in the cn attribute.

SAML Response Example

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"         
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                ID="...." Version="2.0" IssueInstant="2020-07-17T01:01:48Z" 
                Destination="...." InResponseTo="....">
 ...
 <saml:Assertion ...>
  ...
  <saml:AttributeStatement>
  <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                    Name="urn:oid:2.5.4.3" 
                    FriendlyName="cn"
                    x500:Encoding="LDAP">
    <saml:AttributeValue xsi:type="xs:string">Mary Jane Chang</saml:AttributeValue>
    <saml:AttributeValue xsi:type="xs:string">Chang, Mary Jane</saml:AttributeValue>
  </saml:Attribute>
  ...
 </saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>


See Also