Child pages
  • Identifiers Used in Federations
Skip to end of metadata
Go to start of metadata

The following table shows the core identifier attributes documented by federations for IdPs and SPs. 

Note that those identified as core tend to be those that are specifically called out in federation documentation.  This does not mean that IdPs and SPs within the federation do not make use of other identifiers.

 

Federation

"Core" IdentifiersPositionReference
ACOnet, eduID.at
  • eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10), though: "the use of the eduPersonTargetedID attribute should be phased out and replaced in SAML 2.0 usage".
  • eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)
  • mail (urn:oid:0.9.2342.19200300.100.1.3)
  • displayName (urn:oid:2.16.840.1.113730.3.1.241)
  • givenName (urn:oid:2.5.4.42)
  • sn/surname (urn:oid:2.5.4.4)
  • where applicable: Matrikelnummer (national student immatriculation number, as SCHAC personalUniqueCode attribute). Use should be limited to student administration systems
all IDPs should be able to generate the list of attributes specified (in the referenced documentation)

Make attributes available
https://wiki.univie.ac.at/display/federation/Attributes

Australia, AAF

Required that all IdPs are able to releasehttp://aaf.edu.au/technical/aaf-core-attributes/

Belgium, Belnet R&E Federation

No specific recommendations found  
Canada - Canadian Access FederationNo specific recommendations found  
Croatia - AAI@EduHr
  • hrEduPersonUniqueID (mandatory)
  • uid (mandatory)
  • cn (mandatory)
  • sn (mandatory)
  • givenName (mandatory)
  • mail (mandatory)
  • hrEduPersonUniqueNumber (mandatory)
  • hrEduPersonOIB (mandatory)
  • hrEduPersonPersistentID  (mandatory)
  • hrEduPersonCardNum (optional)
Mandatory / optional as listedhttp://shema.aaiedu.hr/shema/
Czech Republic - eduID.cz
  • eduPersonPrincipalName (required to populate)
  • cn (required to populate)
  • eduPersonTargetedID (required to populate)
  • givenName
  • sn
  • mail
As listedhttp://eduid.cz/cs/tech/attributes
Finland - Haka   
France - Fédération Éducation-Recherche   

Germany - DFN-AAI

   
Greece - GRNET AAI   

Ireland - Edugate

   

Italy - IDEM

   

Japan - GakuNin

   

Norway - FEIDE

   

Spain - SIR

   
Sweden - SWAMID
  • eduPersonPersistentID - (eptid)
  • eduPersonPrincipalName (eppn)
  • givenName, sn, displayName (or cn in some cases)
  • norEduPersonNIN
 https://portal.nordu.net/display/SWAMID/Attribute+Profile
Switzerland - SWITCHaai
  • swissEduPersonUniqueID (urn:oid:2.16.756.1.2.5.1.1.1)
  • eduPersonTargetedID (a.k.a. SAML2 persistent NameID)
  • email, givenName, sn

The following ones only for interfederation enabled IdPs:

Core attributes are mandatory to implement, but not guaranteed to be available for all SPs.https://www.switch.ch/aai/attributes/
The Netherlands - SurfConext

The user's identity is transmitted in the form of the NameID element of the SAML statement. Every Identity Provider must supply a NameID, but for privacy reasons SURFconext will generate a new one regardless. For convenience, this identifier is duplicated in the SAML attribute eduPersonTargetedID (see below). The two supported NameID types, for respectively persistent and transient NameID specifiers, are:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Supported as appropriate via central hub.https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext
USA - InCommonList of attributes commonly used.http://www.incommon.org/federation/attributesummary.html.
UK - UK Access Management Federation
  • eduPersonTargetedID
  • eduPersonPrincipalName
Recommended that IdPs are able to release.http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf.
  • No labels