Overview

This page gives some examples of how attributes which are asserted by social identity providers (via both OAuth and OpenID) could be mapped to MACE-Dir/SAML attributes.

Examples

Facebook Mappings

| MACE-Dir SAML Attribute | OAuth Attribute | Example Value | Notes |
|---|---|---|---|
| givenName | facebook.first_name | Lucas | |
| sn | facebook.last_name | Rockwell | |
| displayName | facebook.name | Lucas Rockwell | See cn below, as well. |
| cn | facebook_cn | Lucas Rockwell | Duplicate of displayName. |
| mail | facebook.email | lr@lucasrockwell.com | |
| uid | facebook.username | lucasrockwell | Can be blank, and a user can change this once for the lifetime of their account. |
| eduPersonPrincipalName | facebook_user | lucasrockwell@facebook.com | |
| eduPersonTargetedID | facebook_targetedID | http://facebook.com!12...71 | |

OpenID (Google) Mappings

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| givenName | http://axschema.org/namePerson/first | Lucas | |
| sn | http://axschema.org/namePerson/last | Rockwell | |
| displayName | | | Google does not provide displayName |
| cn | | | Google does not provide cn |
| mail | openid.sreg.email | lucasrockwell@gmail.com | |
| uid | | | Google does not provide uid |
| eduPersonPrincipalName | http://axschema.org/contact/email | lucasrockwell@gmail.com | Using http://axschema.org/contact/email for ePPN works for Google, but perhaps not other OpenID providers. |
| eduPersonTargetedID | openid | | |

LinkedIn Mappings

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| givenName | linkedin.firstName | Lucas | |
| sn | linkedin.lastName | Rockwell | |
| displayName | | | LinkedIn does not provide displayName |
| cn | | | LinkedIn does not provide cn |
| mail | | | LinkedIn does not provide mail |
| uid | linkedin.id | Y...r | |
| eduPersonPrincipalName | linkedin_user | Y...r@linkedin.com | Local part is the same value as linkedin.id |
| eduPersonTargetedID | linkedin_targetedID | http://linkedin.com!Y...r | Unique value is the same value as linkedin.id |

Twitter Mappings

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| givenName | | | Twitter does not provide givenName |
| sn | | | Twitter does not provide sn |
| displayName | twitter.name | Lucas Rockwell | |
| cn | twitter.name | Lucas Rockwell | |
| mail | | | Twitter does not provide mail |
| uid | twitter.screen_name | lucasrockwell | |
| eduPersonPrincipalName | twitter_screen_n_realm | lucasrockwell@twitter.com | |
| eduPersonTargetedID | twitter_targetedID | http://twitter.com!1...5 | |

Windows Live Mappings

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| givenName | windowslive.FirstName | Lucas | |
| sn | windowslive.LastName | Rockwell | |
| displayName | | | Windows Live does not provide displayName |
| cn | | | Windows Live does not provide cn |
| mail | windowslive_mail | lr@lucasrockwell.com | This is not necessarily an address @hotmail.com. |
| uid | windowslive_uid | fd...89 | |
| eduPersonPrincipalName | windowslive_user | fd...89@windowslive.com | Local part is the same value as windowslive_uid |
| eduPersonTargetedID | windowslive_targetedID | http://windowslive.com!fd...89 | Unique value is the same value as windowslive_uid |

It has not been verified, but the values for eduPersonTargetedID are probably not valid Internet2 eduPersonTargetedID values, because they do not appear to be unique per person and service; i.e., for most of them, the targeted ID is the same for all services for the same person.
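
The closing caveat, as an added example that is not part of the original page: one way a gateway could apply the Facebook table while issuing a targeted ID that differs per service yet stays stable for the same person. HMAC-SHA256 is a choice made here, and `GATEWAY_ENTITY_ID`, `SECRET`, the function names, and the profile's `id` key are assumptions or constructed values.

```python
import base64
import hashlib
import hmac

# Constructed placeholders: entity ID and secret are not from the page.
GATEWAY_ENTITY_ID = "https://gateway.example.org/idp"
SECRET = b"constructed-demo-secret-keep-the-real-one-out-of-source"


def shared_targeted_id(provider_realm: str, provider_user_id: str) -> str:
    """The pattern in the tables above: realm!id, identical for every service."""
    return f"http://{provider_realm}!{provider_user_id}"


def pairwise_targeted_id(sp_entity_id: str, provider_realm: str,
                         provider_user_id: str, secret: bytes = SECRET) -> str:
    """Opaque value, stable per (person, service) and different across services."""
    fields = (sp_entity_id, provider_realm, provider_user_id)
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (s.encode() for s in fields))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    opaque = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return f"{GATEWAY_ENTITY_ID}!{sp_entity_id}!{opaque}"


def map_facebook(profile: dict, sp_entity_id: str) -> dict:
    """Apply the Facebook table, swapping in the pairwise targeted ID."""
    attrs = {
        "givenName": profile.get("first_name"),
        "sn": profile.get("last_name"),
        "displayName": profile.get("name"),
        "cn": profile.get("name"),
        "mail": profile.get("email"),
        "uid": profile.get("username"),  # can be blank, per the table's note
        "eduPersonTargetedID": pairwise_targeted_id(
            sp_entity_id, "facebook.com", profile["id"]),  # "id" key is assumed
    }
    if profile.get("username"):  # no ePPN when there is no username to scope
        attrs["eduPersonPrincipalName"] = f"{profile['username']}@facebook.com"
    return {k: v for k, v in attrs.items() if v}  # drop empty attributes
```

Because the secret keys the derivation, rotating it changes every targeted ID the gateway has issued, so it needs the same lifecycle care as a signing key.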