...
Strong match | Weak match | Remark | ||
OIDC | ||||
OICD OIDC Scope | OICD OIDC name | eduPerson name | ||
profile | sub | eduPersonPrincipalName eduPersonTargetedID/NameID eduPersonUniqueId | See 'Identifier' Claims mapping tab | |
name | cn displayName | Multi value issues? | ||
given_name | givenName | |||
family_name | sn (surname) | |||
middle_name | ||||
nickname | eduPersonNickname | EduPersonNickname not really used (?) | ||
preferred_username | displayName | |||
profile | labeledURI | description | labeledURI not really used (?) | |
picture | jpegPhoto | jpegPhoto not really used (?) | ||
website | ||||
gender | ||||
birthdate | optionally: schacYearOfBirth, schacDateOfBirth, but are these used? | |||
zoneinfo | l (localityName) | l (localityName) not really used (?) | ||
locale | preferredLanguage | |||
address | ||||
updated_at | Use SAML session info here? LDAP modify timestamp? | |||
email_verified | Can we assume an institution email with the domainname of the institution is verified? | |||
address | ||||
address | postalAddress | street | ||
postalCode | ||||
postOfficeBox | ||||
phone | ||||
phone_number | mobile, telephoneNumber | homePhone | ||
phone_number_verified | Can assume an institution phone nr provided by the IdP is verified? How would you know this is the IdP? |
...