These custom attributes are built and asserted by SATOSA, the login proxy (in addition to the standard attributes). They are available to all downstream apps, but a mapping must be in place for these apps to receive them.
urn:oid:1.3.6.1.4.1.5923.9999.1
This is the 'idpDisplayName' attribute and it comes from the <MDUI> element in metadata.
urn:oid:1.3.6.1.4.1.5923.9999.2
This is the 'idpEntityId' attribute and it comes from the actual assertion from the upstream IdP.
urn:oid:1.3.6.1.4.1.5923.9999.3
This is the 'idpOrgDisplayName' attribute and it comes from the <Organization> element in metadata.
urn:oid:1.3.6.1.4.1.5923.9999.4
This is the 'idpOrgName' attribute and it comes from the <Organization> element in metadata.
urn:oid:1.3.6.1.4.1.5923.9999.5
This is the 'loginID' attribute and it is built by the "Primary ID" module and contains the eppn used for logging into the current session.
urn:oid:1.3.6.1.4.1.5923.9999.6
This is the 'idpLogo' attribute and it comes from the <MDUI> element in metadata.
Snippet for Shibboleth SP's attribute-map.xml config file:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<Attribute name="urn:oid:1.3.6.1.4.1.5923.9999.1" id="idpDisplayName"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.9999.2" id="idpEntityId"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.9999.3" id="idpOrgDisplayName"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.9999.4" id="idpOrgName"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.9999.5" id="loginID"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.9999.6" id="idpLogo"/> |
...