Attribute Summary
Supported Attributes
A supported attribute is one that the IdP is able to release; that is, a supported attribute is a technical capability of a given IdP deployment. Whether or not an IdP will release any given attribute is a local policy decision.
IdPs are expected to support the following attributes:
- Identifiers
eduPersonPrincipalNameeduPersonTargetedID (a.k.a. SAML2 Persistent NameID)
- Mail attribute
- Person name attributes
displayNamegivenNamesn (surname)
- Authorization attributes
eduPersonScopedAffiliationeduPersonEntitlement
Friendly Name |
Formal Names |
Datatype |
Multi? |
eduPersonPrincipalName |
SAML1: urn:mace:dir:attribute-def:eduPersonPrincipalName
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
String, scoped |
No |
eduPersonTargetedID |
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 |
XML |
No |
mail |
SAML1: urn:mace:dir:attribute-def:mail
SAML2: urn:oid:0.9.2342.19200300.100.1.3 |
String |
Yes |
displayName |
SAML1: urn:mace:dir:attribute-def:displayName
SAML2: urn:oid:2.16.840.1.113730.3.1.241 |
String |
No |
givenName |
SAML1: urn:mace:dir:attribute-def:givenName
SAML2: urn:oid:2.5.4.42 |
String |
Yes |
sn (surname) |
SAML1: urn:mace:dir:attribute-def:sn
SAML2: urn:oid:2.5.4.4 |
String |
Yes |
eduPersonScopedAffiliation |
SAML1: urn:mace:dir:attribute-def:eduPersonScopedAffiliation
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
String, scoped enumerated |
Yes |
eduPersonEntitlement |
SAML1: urn:mace:dir:attribute-def:eduPersonEntitlement
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
URI |
Yes |
|