Comment: Published by Scroll Versions from space federationedit and version 2.14

Overview

eduPersonPrincipalName (eppn) is a user identifier attribute defined in the eduPerson LDAP object class. It is a scoped identifier for a person. Because humans often use this identifier to identify the person it represents, eppn values are often, but are not required to be, human-friendly, and they may change as a result of various business processes.

OID: 2.5.4.42
LDAP Syntax: Directory String
# of Values: multi-valued
References: eduPerson

Use in the InCommon Federation

eppn is supported in the InCommon Federation. It is widely used in InCommon as well as in global R&E federations.

eppn satisfies the REFEDS Research & Scholarship (R&S) entity category's requirement for a shared user identifier if it is non-reassigned. If an eppn can be re-assigned, it must be sent along with eduPersonTargetedID to satisfy R&S's requirement for a shared user identifier.

IMPORTANT: an eppn is not an email address.

While an eppn's format appears similar to that of an email address, implementors MUST NOT assume that an eppn is a routable email address. If a service requires a user's email address, it MUST request it via a separate mail attribute. 

SAML Response Example

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="..." Version="2.0" IssueInstant="2020-07-17T01:01:48Z"
                Destination="...." InResponseTo="...">
  ...
  <saml:Assertion ...>
    ...
    <saml:AttributeStatement>
      <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                      Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                      FriendlyName="eduPersonPrincipalName"
                      x500:Encoding="LDAP">
        <saml:AttributeValue xsi:type="xsd:string">mjc@example.edu</saml:AttributeValue>
      </saml:Attribute>
      ...
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
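
The following Python is an added example, not InCommon's code: it shows a service provider reading the attribute statement above, treating eppn strictly as a scoped identifier, taking the contact address only from a separate mail attribute, and refusing a reassignable eppn that arrives without eduPersonTargetedID. Assumptions: the function names and the eppn_reassignable flag are hypothetical, the sample statement and mail value are constructed, the IdP is assumed to release a single eppn value, and the mail and eduPersonTargetedID names are their standard OIDs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"           # Name from the page's example
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"          # LDAP 'mail' attribute
TARGETED_ID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"   # eduPersonTargetedID

# Constructed sample input; a real SP takes this from an assertion whose
# signature and conditions its SAML library has already validated.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{NS['saml']}">
  <saml:Attribute Name="{EPPN}">
    <saml:AttributeValue>mjc@example.edu</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="{MAIL}">
    <saml:AttributeValue>m.carter@mail.example.edu</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def attribute_values(statement_xml):
    """Map each Attribute Name to the list of its AttributeValue texts."""
    root = ET.fromstring(statement_xml)
    return {
        a.get("Name"): [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
        for a in root.iterfind("saml:Attribute", NS)
    }


def split_eppn(value):
    """Split a scoped identifier into (local part, scope); reject malformed input."""
    local, sep, scope = value.partition("@")
    if not (sep and local and scope) or "@" in scope or any(c.isspace() for c in value):
        raise ValueError(f"not a scoped identifier: {value!r}")
    return local, scope


def account_from_statement(statement_xml, eppn_reassignable):
    """eppn_reassignable is a hypothetical flag recording the IdP's stated policy."""
    attrs = attribute_values(statement_xml)
    eppns = attrs.get(EPPN, [])
    if len(eppns) != 1:                      # assumption: exactly one value is released
        raise ValueError("expected exactly one eppn value")
    _, scope = split_eppn(eppns[0])
    if eppn_reassignable and not attrs.get(TARGETED_ID):
        raise ValueError("reassignable eppn requires eduPersonTargetedID")
    mail = attrs.get(MAIL, [])
    # The contact address comes only from 'mail'; never fall back to the eppn.
    return {"eppn": eppns[0], "scope": scope, "email": mail[0] if mail else None}
```
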

