...
Expected attribute availability from an Identity Provider for attributes required by indication in metadata
| Attribute(s) | SAML2 Attribute Identifier | Comment |
|---|---|---|
| eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | |
| eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | |
| eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | |
| norEduPersonNIN | urn:oid:1.3.6.1.4.1.2428.90.1.5 | This attribute is for students systems that needs to be synchronised with the the student documentations system directly or indirectly. Within SWAMID norEduPersonNIN can besides Swedish Personal Numbers and Swedish Co-ordination Numbers also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system. SWAMID Identity Providers only release this attribute to services registered in SWAMID. |
| personalIdentityNumber | urn:oid:1.2.752.29.4.13 | Within SWAMID personalIdentityNumber only contain Swedish Personal Numbers or Swedish Co-ordination Numbers. SWAMID Identity Providers only release this attribute to services registered in SWAMID. |
| schacDateOfBirth | urn:oid:1.3.6.1.4.1.25178.1.2.3 | |
| urn:oid:0.9.2342.19200300.100.1.3 | Can be more than one address released but Identity Providers are recommended to release only one. | |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | |
| givenName | urn:oid:2.5.4.42 | |
| sn (aka surname) | urn:oid:2.5.4.4 | |
| cn (aka commonName) | urn:oid:2.5.4.3 | Due to that cn is use for different things in different in different identity management systems it's highly recommended to use the attribute displayName instead. |
| eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | Services shall only expect this attribute to be available from Identity Providers within SWAMID. |
| eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | |
| eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | Due to eduPersonAffiliations non domain scoped nature it's highly recommended to use the attribute eduPersonScopedAffiliation instead. |
| o (aka organizationName) | urn:oid:2.5.4.10 | This attribute is also be available as an metadata attribute. |
| norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 | |
| c (aka countryName) | urn:oid:2.5.4.6 | |
| co (aka friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 | |
| schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | |
| schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 |
Multivalued attributes that have different values for different services shall not be requested via metadata, examples of such attributes are eduPersonEntitlement, norEduPersonLIN and schacPersonalUniqueCode. The reason for this is that an Identity Provider may unintensional release sensitive information to services that are not eligable for these values. SWAMID recommends member Identity Providers to not release this type of attributes based on reqeusted attributes in metadata.
...