Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Jump to:
Table of Contents | ||||||||
---|---|---|---|---|---|---|---|---|
|
Overview
eduPersonPrincipalName
(eppn
) is a user identifier attribute defined in the eduPerson→ LDAP object class. It is a scoped identifier for a person. As this identifier is often used by humans to identify the person it represents, ePPN values are often, but not required to be, human-friendly, and may change as a result of various business processes.
OID | 2.5.4.421.3.6.1.4.1.5923.1.1.1.6 |
---|---|
LDAP Syntax | Directory String |
# of Values | multi-valued |
References | eduPerson→ |
Use in the InCommon Federation
eppn
is supported in the InCommon Federation. It is widely used in InCommon as well as in global R&E federations.
eppn
satisfies the REFEDS Research & Scholarship (R&S) entity category's requirement for a shared user identifier if it is non-assigned. If an eppn
can be re-assigned, it must be sent along with eduPersonTargetedID
to satisfy R&S's requirement for shard user identifier.
IMPORTANT: an eppn is not an email address.
While an eppn's format appears similar to that of an email address, implementors MUST NOT assume that an eppn
is a routable email address. If a service requires a user's email address, it MUST request it via a separate mail
attribute.
SAML Response Example
Code Block | ||
---|---|---|
| ||
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="..." Version="2.0" IssueInstant="2020-07-17T01:01:48Z" Destination="...." InResponseTo="..."> ... <saml:Assertion ...> ... <saml:AttributeStatement> <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName" x500:Encoding="LDAP"> <saml:AttributeValue xsi:type="xsd:string">mjc@example.edu</saml:AttributeValue> </saml:Attribute> ... </saml:AttributeStatement> </saml:Assertion> </samlp:Response> |
See Also
- eduPersonTargetedID
- user-attr-eppn
- user-attr-subject-id
- user-attr-pairwise-id
- understanding-federated-user-identifiers
Working with user data
Content by Label | ||||||||
---|---|---|---|---|---|---|---|---|
|
Related content
Content by Label | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Get help
Can't find what you are looking for?
Button Hyperlink | ||||||||
---|---|---|---|---|---|---|---|---|
|