Introduction
These pages present the result of initial discussions, both within the working group and at a session at EWTI (link), on creating a mapping between SAML (spec) identifiers and attributes, as these are commonly used in Research and Education identity federations, and OpenID Connect (OIDC) (spec) identifiers and claims, and vice versa.
The set of attributes is derived from the commonly used attributes in the eduPerson Schema (eduPerson), with some additional attributes from the SCHAC schema (SCHAC). No attempt was made to cover the full attribute set of both the eduPerson and SCHAC schemas; rather, the initial aim was to create a mapping for what was perceived as the most commonly used attributes.
This document focusses on two aspects of mapping between OIDC and SAML:
- Transforming Identifiers between OIDC and SAML
- Mapping SAML attributes to OIDC Claims
One of the first tasks the OIDCre group engaged with was to discuss and document a consistent way of mapping identifiers (sub) and attributes (claims) between SAML and OIDC, in the context of how we use these in the R&E community.
Most of the discussion can be found in the OIDCre mailing list archives (https://lists.refeds.org/sympa/arc/oidcre).
These discussions have led to the creation of a (DRAFT) recommendation, which is currently (July 2018) under discussion and is supposed to be presented to the REFEDS community for formal consultation by Oct 2018 at REFEDS39.
DRAFT
- White Paper for implementation of mappings between SAML 2.0 and OpenID Connect in Research and Education - https://docs.google.com/document/d/1b-Mlet3Lq7qKLEf1BnHJ4nL1fq-vMe7fzpXyrq2wp08/edit?usp=sharing
CONSULTATION
FINAL