Versions Compared

Old Version 8

changes.mady.by.user 128507@ucsf.edu

Saved on

compared with

New Version 9

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This page gives some examples of how attributes which are asserted by social identity providers (via both OAuth and OpenID) could be mapped to MACE-Dir/SAML attributes.

Examples

Note
titleCaution

It has not been verified, but the values for eduPersonTargetedID probably are not valid values for Internet2 eduPersonTargetedID because they do not appear to be In most cases, it still needs to be verified whether the value for eduPersonTargetedID is unique for a given person and service, i.e., for most of them, the targeted ID is the same for all services for the same person.

Facebook Mappings

MACE-Dir SAML Attribute

OAuth Attribute

Example Value

Notes

givenName

facebook.first_name

Lucas

 

sn

facebook.last_name

Rockwell

 

displayName

facebook.name

Lucas Rockwell

See cn below, as well.

cn

facebook_cn

Lucas Rockwell

Duplicate of displayName.

mail

facebook.email

lr@lucasrockwell.com

 

uid

facebook.username

lucasrockwell

Can be blank, and a user can change this once for the lifetime of their account.

eduPersonPrincipalName

facebook_user

lucasrockwell@facebook.com

 

eduPersonTargetedID

facebook_targetedID

http://facebook.com!12...71

 

...

MACE-Dir SAML Attribute

OpenID Attribute

Example Value

Notes

givenName

http://axschema.org/namePerson/first

Lucas

 

sn

http://axschema.org/namePerson/last

Rockwell

 

displayName

 

 

Google does not provide displayName

cn

 

 

Google does not provide cn

mail

openid.sreg.email

lucasrockwell@gmail.com

 

uid

 

 

Google does not provide uid

eduPersonPrincipalName

http://axschema.org/contact/email

lucasrockwell@gmail.com

Using http://axschema.org/contact/email for ePPN works for Google, but perhaps not other OpenID providers.

eduPersonTargetedID

openid

Private Personal Identifier (PPID)

An opaque, per-SP identifier, just like ePTID  

LinkedIn Mappings

MACE-Dir SAML Attribute

OpenID Attribute

Example Value

Notes

givenName

linkedin.firstName

Lucas

 

sn

linkedin.lastName

Rockwell

 

displayName

 

 

LinkedIn does not provide displayName

cn

 

 

LinkedIn does not provide cn

mail

 

 

LinkedIn does not provide mail

uid

linkedin.id

Y...r

 

eduPersonPrincipalName

linkedin_user

Y...r@linkedin.com

Local part is the same value as linkedin.id

eduPersonTargetedID

linkedin_targetedID

http://linkedin.com!Y...r

Unique value is the same value as linkedin.id

...