Attribute Summary
A supported attribute is one that the IdP is able to release; that is, a supported attribute is a technical capability of a given IdP deployment. Whether or not an IdP will release any given attribute is a local policy decision.
IdPs are expected to support the following attributes:
- Identifiers
eduPersonPrincipalNameeduPersonTargetedID(a.k.a. SAML2 Persistent NameID)
- Mail attribute
mail
- Person name attributes
displayNamegivenNamesn(surname)
- Authorization attributes
eduPersonScopedAffiliationeduPersonEntitlement
See the eduPerson Object Class Specification for the formal definitions of the above attributes. Here's a brief summary of these attributes in tabular form:
Friendly Name Formal Names Datatype Multi? SAML1: urn:mace:dir:attribute-def:eduPersonPrincipalName String, scoped No SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 XML No SAML1: urn:mace:dir:attribute-def:mail String Yes SAML1: urn:mace:dir:attribute-def:displayName String No SAML1: urn:mace:dir:attribute-def:givenName String Yes SAML1: urn:mace:dir:attribute-def:sn String Yes SAML1: urn:mace:dir:attribute-def:eduPersonScopedAffiliation String, scoped enumerated Yes SAML1: urn:mace:dir:attribute-def:eduPersonEntitlement URI Yes
eduPersonPrincipalName
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
eduPersonTargetedID
mail
SAML2: urn:oid:0.9.2342.19200300.100.1.3
displayName
SAML2: urn:oid:2.16.840.1.113730.3.1.241
givenName
SAML2: urn:oid:2.5.4.42
sn (surname)
SAML2: urn:oid:2.5.4.4
eduPersonScopedAffiliation
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.9
eduPersonEntitlement
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.7
Key:
- Friendly Name: A short, friendly name for the attribute
- Formal Names: The formal name of the attribute expressed on-the-wire in accordance with the SAML V2.0 LDAP/X.500 Attribute Profile
- Datatype: A brief, informal description of the value syntax of the attribute
- Multi?: Indicates whether or not the attribute is multi-valued