Attribute Summary
Supported Attributes
A supported attribute is one that the IdP is able to release; that is, a supported attribute is a technical capability of a given IdP deployment. Whether or not an IdP will release any given attribute is a local policy decision.
IdPs are expected to support the following attributes:
- Identifiers
eduPersonPrincipalName
eduPersonTargetedID
(a.k.a. SAML2 Persistent NameID)
- Mail attribute
mail
- Person name attributes
displayName
givenName
sn
(surname)
- Authorization attributes
eduPersonScopedAffiliation
eduPersonEntitlement
Friendly Name Formal Names Datatype Multi? SAML1: urn:mace:dir:attribute-def:eduPersonPrincipalName String, scoped No SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 XML No SAML1: urn:mace:dir:attribute-def:mail String Yes SAML1: urn:mace:dir:attribute-def:displayName String No SAML1: urn:mace:dir:attribute-def:givenName String Yes SAML1: urn:mace:dir:attribute-def:sn String Yes SAML1: urn:mace:dir:attribute-def:eduPersonScopedAffiliation String, scoped enumerated Yes SAML1: urn:mace:dir:attribute-def:eduPersonEntitlement URI Yes
eduPersonPrincipalName
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
eduPersonTargetedID
mail
SAML2: urn:oid:0.9.2342.19200300.100.1.3
displayName
SAML2: urn:oid:2.16.840.1.113730.3.1.241
givenName
SAML2: urn:oid:2.5.4.42
sn
(surname)
SAML2: urn:oid:2.5.4.4
eduPersonScopedAffiliation
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.9
eduPersonEntitlement
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.7