Child pages
  • Mapping SAML attributes to OIDC Claims

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  Strong matchWeak matchRemark
OIDC    
OICD OIDC ScopeOICD OIDC nameeduPerson name  
profilesub 

eduPersonPrincipalName

eduPersonTargetedID/NameID

eduPersonUniqueId

See 'Identifier' Claims mapping tab
 name cn displayNameMulti value issues?
 given_namegivenName  
 family_namesn (surname)  
 middle_name   
 nicknameeduPersonNickname EduPersonNickname not really used (?)
 preferred_usernamedisplayName  
 profilelabeledURIdescriptionlabeledURI not really used (?)
 picturejpegPhoto jpegPhoto not really used (?)
 website   
 gender   
 birthdate  optionally: schacYearOfBirth, schacDateOfBirth, but are these used?
 zoneinfol (localityName) l (localityName) not really used (?)
 localepreferredLanguage  
 address   
 updated_at  Use SAML session info here? LDAP modify timestamp?
email    
 emailmail  
 email_verified  Can we assume an institution email with the domainname of the institution is verified?
address    
 addresspostalAddressstreet 
  postalCode  
  postOfficeBox  
phone    
 phone_numbermobile, telephoneNumberhomePhone 
 phone_number_verified  

Can assume an institution phone nr provided by the IdP is verified?

How would you know this is the IdP?

...