Versions Compared

Old Version 5

changes.mady.by.user Andrijana Todosijevic

Saved on

compared with

New Version Current

changes.mady.by.user Lukas Haemmerle

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Which are the Recommended Attributes?
  2. Configure the Shibboleth IdP to release the Recommended Attributes to an example Service Provider.
  3. Test the release of the recommended attributes to the example Service Provider.


Anchor
Recommended Attributes in eduGAIN
Recommended Attributes in eduGAIN

Recommended Attributes in eduGAIN

The eduGAIN Attribute Profile recommends that Identity Providers implement the following attributes for all usersThe following set of attributes is recommended to implement for all eduGAIN Identity Providers as it contains the most commonly used attributes:

AttributeDescription
eduPersonTargetedID/persistentIDUnique, persistent, opaque and targeted identifier of the user.
 

(Serialized) Example: https://aai-logon.switch.ch/idp/shibboleth!https://filesender.funet.fi!yrVdvdAmohZY+cE6dcGvqu/Dubc=
eduPersonPrincipalNameUnique, persistent identifier of the user. 

Example: jdoe@example.org
displayNameName and Surname of the user. 

Example: John Doe
commonNameName and Surname of the user. Could be multi-valued but it is recommended to have only one value.

Example: Johne Doe
mailUser's personal eMail address.

Example: john.doe@example.org
eduPersonAffiliationSee the Controlled Vocabolaries. Multi-valued.

Example: student;member or staff;member
eduPersonScopedAffiliationSee the Controlled Vocabolaries. Multi-valued.

Example: staff@example.org;member@example.org
schacHomeOrganizationExample: example.org
schacHomeOrganizationTypeSee the Controlled Vocabolaries. 

Example: urn:schac:homeOrganizationType:int:university

This attribute is unfortunately underspecified. Therefore, this attribute is of little use as of 2015.


Anchor
How_to_configure_Shibboleth_to_support_the_recommended_attributes
How_to_configure_Shibboleth_to_support_the_recommended_attributes

How to configure the Recommended Attributes

...

Instead of manually configuring attribute release rules, you may also consider implementing the Data Protection Code of Conduct that that helps to automatically release attributes to a particular Service Provider that signed the Code of Conduct.


Anchor
How_to_test_the_release_of_the_recommended_attributes_to_the_TestShib_Service_Provider
How_to_test_the_release_of_the_recommended_attributes_to_the_TestShib_Service_Provider

How to test the release of the recommended attributes to the Example Service Provider

...