The following table shows the core identifier attributes documented by federations for IdPs and SPs. 

Note that those identified as core tend to be those that are specifically called out in federation documentation.  This does not mean that IdPs and SPs within the federation do not make use of other identifiers.



"Core" IdentifiersPositionReference
  • eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:, though: "the use of the eduPersonTargetedID attribute should be phased out and replaced in SAML 2.0 usage".
  • eduPersonPrincipalName (urn:oid:
  • mail (urn:oid:0.9.2342.19200300.100.1.3)
  • displayName (urn:oid:2.16.840.1.113730.3.1.241)
  • givenName (urn:oid:
  • sn/surname (urn:oid:
  • where applicable: Matrikelnummer (national student immatriculation number, as SCHAC personalUniqueCode attribute). Use should be limited to student administration systems
all IDPs should be able to generate the list of attributes specified (in the referenced documentation)

Make attributes available

Australia, AAF

Required that all IdPs are able to release

Belgium, Belnet R&E Federation

No specific recommendations found  
Canada - Canadian Access FederationNo specific recommendations found  
Croatia - AAI@EduHr
  • hrEduPersonUniqueID (mandatory)
  • uid (mandatory)
  • cn (mandatory)
  • sn (mandatory)
  • givenName (mandatory)
  • mail (mandatory)
  • hrEduPersonUniqueNumber (mandatory)
  • hrEduPersonOIB (mandatory)
  • hrEduPersonPersistentID  (mandatory)
  • hrEduPersonCardNum (optional)
Mandatory / optional as listed
Czech Republic -
  • eduPersonPrincipalName (required to populate)
  • cn (required to populate)
  • eduPersonTargetedID (required to populate)
  • givenName
  • sn
  • mail
As listed
Finland - Haka   
France - Fédération Éducation-Recherche   

Germany - DFN-AAI

Greece - GRNET AAI   

Ireland - Edugate


Italy - IDEM


Japan - GakuNin


Norway - FEIDE


Spain - SIR

Sweden - SWAMID
  • eduPersonPersistentID - (eptid)
  • eduPersonPrincipalName (eppn)
  • givenName, sn, displayName (or cn in some cases)
  • norEduPersonNIN
Switzerland - SWITCHaai
  • swissEduPersonUniqueID (urn:oid:2.16.756.
  • eduPersonTargetedID (a.k.a. SAML2 persistent NameID)
  • email, givenName, sn

The following ones only for interfederation enabled IdPs:

Core attributes are mandatory to implement, but not guaranteed to be available for all SPs.
The Netherlands - SurfConext

The user's identity is transmitted in the form of the NameID element of the SAML statement. Every Identity Provider must supply a NameID, but for privacy reasons SURFconext will generate a new one regardless. For convenience, this identifier is duplicated in the SAML attribute eduPersonTargetedID (see below). The two supported NameID types, for respectively persistent and transient NameID specifiers, are:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Supported as appropriate via central hub.
USA - InCommonList of attributes commonly used.
UK - UK Access Management Federation
  • eduPersonTargetedID
  • eduPersonPrincipalName
Recommended that IdPs are able to release.
  • No labels