You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

The configuration file attribute-map.xml tells the Shibboleth software which attribute types exists in a federation and how to decode and present that information to applications.

Within the SWAMID community we have defined an SWAMID standard attribute-map.xml for Shibboleth Service Provider 2.x. This attribute-map.xml is more extensive than the attribute-map.xml that is part of the distribution. Please replace the installed attribute-map.xml with the file that is available on this page.

Important information

Please note that every attribute in attribute-map.xml with result in a header sent to backend if ShibUseHeaders is enabled (two if metadataAttributePrefix is defined). The limit on number of request headers and size of the request header may have to be modified in backends (LimitRequestFields/LimitRequestFieldSize in Apache HTTPD Server, maxHeaderCount/maxHttpHeaderSize in Apache Tomcat Connectors).

Download SWAMID standard attribute-map.xml.

 

attribute-map.xml
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!--
    SWAMID standard attribute-map.xml for SAML 2.0
    ==============================================
    The mappings are agreed to within the Shibboleth community or directly LDAP attribute names.

    Version: 2016-05-10

    REMEMBER to notify SWAMID saml-admins list when updating this file!
    -->

    <!-- A persistent id attribute that supports personalized anonymous access. -->
    <!-- First, the eduPerson version with OID-style name: -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
    </Attribute>
    <!-- Second, the SAML 2.0 NameID Format: -->
    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
    </Attribute>

    <!-- eduPerson attributes until version 201602 -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" id="prior-eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" id="unique-id"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" id="orcid"/>

    <!-- eduMember attributes until version 200507 -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/>

    <!-- eduCourse attributes until version 200507 -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>

    <!-- Attributes from the Nordic LDAP schema norEdu* until version 1.6 -->
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.10" id="norEduPersonLegalName"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.5" id="norEduPersonNIN"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.4" id="norEduPersonLIN"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.6" id="norEduOrgAcronym"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.3" id="norEduPersonBirthDate"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.13" id="norEduPersonServiceAuthnLevel"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.14" id="norEduPersonAuthnMethod"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.7" id="norEduOrgUniqueIdentifier"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.8" id="norEduOrgUnitUniqueIdentifier"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.12" id="norEduOrgNIN"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.1" id="norEduOrgUniqueNumber"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.2" id="norEduOrgUnitUniqueNumber"/>

    <!-- Attributes from the European SCHema for ACademia (SCHAC) until version 1.5.0 -->
    <Attribute name="1.3.6.1.4.1.25178.1.2.1" id="schacMotherTongue"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.2" id="schacGender"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.3" id="schacDateOfBirth"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.4" id="schacPlaceOfBirth"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.5" id="schacCountryOfCitizenship"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.6" id="schacSn1"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.7" id="schacSn2"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.8" id="schacPersonalTitle"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.10" id="schacHomeOrganizationType"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.11" id="schacCountryOfResidence"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.12" id="schacUserPresenceID"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.13" id="schacPersonalPosition"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.14" id="schacPersonalUniqueCode"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.15" id="schacPersonalUniqueID"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.17" id="schacExpiryDate"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.18" id="schacUserPrivateAttribute"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.19" id="schacUserStatus"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.20" id="schacProjectMembership"/>
    <Attribute name="1.3.6.1.4.1.25178.1.2.21" id="schacProjectSpecificRole"/>

    <!-- Attributes from the late Swedish Alliance for Middleware Infrastructure (SWAMI) -->
    <!-- GMAI authorization tuples, mostly sent as eduPersonEntitlement (entitlement above) -->
    <Attribute name="1.2.752.104.2.3.1" id="swamiGmaiAssertion"/>
    <!-- Unique identifier for billing recipients -->
    <Attribute name="1.2.752.104.3.1.1" id="swamiBillingIdentifier"/>
    <!-- Identifying a recipient of a monetary transfer within a single financials system -->
    <Attribute name="1.2.752.104.3.1.2" id="swamiCostCenterIdentifier"/>

    <!-- Examples of standard LDAP-based attributes -->
    <Attribute name="urn:oid:2.5.4.3" id="cn"/>
    <Attribute name="urn:oid:2.5.4.4" id="sn"/>
    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
    <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/>
    <Attribute name="urn:oid:2.5.4.12" id="title"/>
    <Attribute name="urn:oid:2.5.4.43" id="initials"/>
    <Attribute name="urn:oid:2.5.4.13" id="description"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.4" id="employeeType"/>
    <Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/>
    <Attribute name="urn:oid:2.5.4.34" id="seeAlso"/>
    <Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/>
    <Attribute name="urn:oid:2.5.4.9" id="street"/>
    <Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/>
    <Attribute name="urn:oid:2.5.4.17" id="postalCode"/>
    <Attribute name="urn:oid:2.5.4.8" id="st"/>
    <Attribute name="urn:oid:2.5.4.7" id="l"/>
    <Attribute name="urn:oid:2.5.4.10" id="o"/>
    <Attribute name="urn:oid:2.5.4.11" id="ou"/>
    <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
    <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.43" id="friendlyCountryName"/>
    <Attribute name="urn:oid:2.5.4.6" id="countryName"/>

</Attributes>
  • No labels