Supported Attribute Summary
A supported attribute is one that the IdP is able to release; that is, a supported attribute is a technical capability of a given IdP deployment. Whether or not an IdP will release any given attribute is a local policy decision.
As noted in the InCommon Participation Agreement, IdPs are expected to support the following attributes:
- Identifiers
eduPersonPrincipalName
eduPersonTargetedID
(a.k.a. SAML2 Persistent NameID)
- Mail attribute
- Person name attributes
displayName
givenName
sn
(surname)
- Authorization attributes
eduPersonScopedAffiliation
eduPersonEntitlement
See the eduPerson Object Class Specification for the formal definitions of each of the above attributes.
Summary of Attributes Supported by IdPs in the InCommon Federation
Friendly Name |
Formal Names |
Datatype |
Multi? |
eduPersonPrincipalName |
SAML1: urn:mace:dir:attribute-def:eduPersonPrincipalName SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
String, scoped |
No |
eduPersonTargetedID |
SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 |
XML |
No |
mail |
SAML1: urn:mace:dir:attribute-def:mail SAML2: urn:oid:0.9.2342.19200300.100.1.3 |
String |
Yes |
displayName |
SAML1: urn:mace:dir:attribute-def:displayName SAML2: urn:oid:2.16.840.1.113730.3.1.241 |
String |
No |
givenName |
SAML1: urn:mace:dir:attribute-def:givenName SAML2: urn:oid:2.5.4.42 |
String |
Yes |
sn (surname) |
SAML1: urn:mace:dir:attribute-def:sn SAML2: urn:oid:2.5.4.4 |
String |
Yes |
eduPersonScopedAffiliation |
SAML1: urn:mace:dir:attribute-def:eduPersonScopedAffiliation SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
String, scoped enumerated |
Yes |
eduPersonEntitlement |
SAML1: urn:mace:dir:attribute-def:eduPersonEntitlement SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
URI |
Yes |
|
Key:
- Friendly Name: A short, friendly name for the attribute
- Formal Names: The formal name of the attribute expressed on-the-wire in accordance with the SAML V2.0 LDAP/X.500 Attribute Profile
- Datatype: A brief, informal description of the value syntax of the attribute
- Multi?: Indicates whether or not the attribute is multi-valued