Supported Attribute Summary
A supported attribute is one that the IdP is able to release; that is, a supported attribute is a technical capability of a given IdP deployment. Whether or not an IdP will release any given attribute is a local policy decision.
As noted in the InCommon Participation Agreement, IdPs are expected to support the following attributes:
- Identifiers
  - eduPersonPrincipalName
  - eduPersonTargetedID (a.k.a. SAML2 Persistent NameID)
- Mail attribute
  - mail
- Person name attributes
  - displayName
  - givenName
  - sn (surname)
- Authorization attributes
  - eduPersonScopedAffiliation
  - eduPersonEntitlement
See the eduPerson Object Class Specification for the formal definitions of each of the above attributes.
Summary of Attributes Supported by IdPs in the InCommon Federation
| Friendly Name | Formal Names | Datatype | Multi? |
|---|---|---|---|
| eduPersonPrincipalName | SAML1: urn:mace:dir:attribute-def:eduPersonPrincipalName; SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | String, scoped | No |
| eduPersonTargetedID | SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | XML | No |
| mail | SAML1: urn:mace:dir:attribute-def:mail; SAML2: urn:oid:0.9.2342.19200300.100.1.3 | String | Yes |
| displayName | SAML1: urn:mace:dir:attribute-def:displayName; SAML2: urn:oid:2.16.840.1.113730.3.1.241 | String | No |
| givenName | SAML1: urn:mace:dir:attribute-def:givenName; SAML2: urn:oid:2.5.4.42 | String | Yes |
| sn (surname) | SAML1: urn:mace:dir:attribute-def:sn; SAML2: urn:oid:2.5.4.4 | String | Yes |
| eduPersonScopedAffiliation | SAML1: urn:mace:dir:attribute-def:eduPersonScopedAffiliation; SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | String, scoped enumerated | Yes |
| eduPersonEntitlement | SAML1: urn:mace:dir:attribute-def:eduPersonEntitlement; SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | URI | Yes |
Key:
- Friendly Name: A short, friendly name for the attribute
- Formal Names: The formal name of the attribute expressed on-the-wire in accordance with the SAML V2.0 LDAP/X.500 Attribute Profile
- Datatype: A brief, informal description of the value syntax of the attribute
- Multi?: Indicates whether or not the attribute is multi-valued
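The following is an added example, not part of the original page or of any InCommon software: a receiving party's check that maps the SAML2 formal names from the table to friendly names and flags values that contradict the Datatype and Multi? columns. The function name and the sample statement are constructed for illustration, and the assertion's signature is assumed to have been verified before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
# SAML2 formal name -> (friendly name, scoped?, multi-valued?), per the summary table
SUPPORTED = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ("eduPersonPrincipalName", True, False),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": ("eduPersonTargetedID", False, False),
    "urn:oid:0.9.2342.19200300.100.1.3": ("mail", False, True),
    "urn:oid:2.16.840.1.113730.3.1.241": ("displayName", False, False),
    "urn:oid:2.5.4.42": ("givenName", False, True),
    "urn:oid:2.5.4.4": ("sn", False, True),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": ("eduPersonScopedAffiliation", True, True),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": ("eduPersonEntitlement", False, True),
}

def check_attribute_statement(xml_text):
    """Return ({friendly name: [values]}, [problems]) for one AttributeStatement."""
    attrs, problems = {}, []
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        name = attr.get("Name")
        if attr.get("NameFormat") != URI_FORMAT or name not in SUPPORTED:
            problems.append("unrecognized attribute: %s" % name)
            continue
        friendly, scoped, multi = SUPPORTED[name]
        values = []
        for av in attr.findall("saml:AttributeValue", NS):
            name_id = av.find("saml:NameID", NS)  # eduPersonTargetedID value is XML
            node = av if name_id is None else name_id
            values.append((node.text or "").strip())
        if not multi and len(values) > 1:
            problems.append("%s is single-valued but has %d values" % (friendly, len(values)))
        for v in (values if scoped else []):
            local, sep, scope = v.rpartition("@")  # scoped values look like local@scope
            if not (local and scope):
                problems.append("%s value %r has no scope" % (friendly, v))
        attrs.setdefault(friendly, []).extend(values)
    return attrs, problems

# Constructed sample: a valid ePPN, a doubled displayName, an unscoped affiliation.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Attribute NameFormat="{f}" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
  <saml:AttributeValue>alice@example.edu</saml:AttributeValue></saml:Attribute>
<saml:Attribute NameFormat="{f}" Name="urn:oid:2.16.840.1.113730.3.1.241">
  <saml:AttributeValue>Alice A.</saml:AttributeValue>
  <saml:AttributeValue>Alice B.</saml:AttributeValue></saml:Attribute>
<saml:Attribute NameFormat="{f}" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
  <saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>""".format(f=URI_FORMAT)
```

Calling `check_attribute_statement(SAMPLE)` returns the parsed attributes together with two problems, one for the doubled displayName and one for the unscoped affiliation. The check covers only the form of scoped values, not whether the issuing IdP is authorized to assert that scope.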