SAML attribute information is needed whether or not the client administrator provides a SAML Identity Provider Metadata XML file. If the Identity Provider already provides InCommon eduPerson Protocol-Level Attribute Names, the well-known attribute names for first name, last name, user name, and email are used automatically. Otherwise, Swank will need the SAML Protocol-Level Attribute Names that contain information for:

...

| User Role | Partial matching text | Friendly Name | Protocol-Level Attribute Name | Attribute Value |
| --- | --- | --- | --- | --- |
| Basic User Role | employee@ | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | staff@school.edu; employee@school.edu; member@school.edu |
| Instructor User Role | Microscope | eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | urn:mace:school.edu:confocalMicroscope |
| No User Role (no access) | Notfound | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | staff@school.edu; employee@school.edu; member@school.edu |

Table 1: Attributes for user roles
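
To check what an IdP's attribute release would resolve to under Table 1 before going live, the following added example (not Swank's code) parses a constructed AttributeStatement and applies each partial matching text to the released values. It assumes a case-sensitive substring match and that the Instructor rule is evaluated before the Basic rule; neither is stated on this page, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# (role, Protocol-Level Attribute Name, partial matching text), from Table 1.
# Rule order and case-sensitive substring matching are assumptions.
ROLE_RULES = [
    ("Instructor User Role", "urn:oid:1.3.6.1.4.1.5923.1.1.1.7", "Microscope"),
    ("Basic User Role", "urn:oid:1.3.6.1.4.1.5923.1.1.1.9", "employee@"),
]

# Constructed sample using the attribute values shown in Table 1.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
                  FriendlyName="eduPersonScopedAffiliation">
    <saml:AttributeValue>staff@school.edu</saml:AttributeValue>
    <saml:AttributeValue>employee@school.edu</saml:AttributeValue>
    <saml:AttributeValue>member@school.edu</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
                  FriendlyName="eduPersonEntitlement">
    <saml:AttributeValue>urn:mace:school.edu:confocalMicroscope</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def attribute_values(statement_xml):
    """Map each Protocol-Level Attribute Name to its list of values."""
    values = {}
    root = ET.fromstring(statement_xml)
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        for val in attr.iter(f"{{{SAML_NS}}}AttributeValue"):
            # Table 1 lists values separated by ';'; split them in case they
            # arrive packed into one element (assumption).
            parts = [p.strip() for p in (val.text or "").split(";")]
            values.setdefault(attr.get("Name"), []).extend(p for p in parts if p)
    return values


def resolve_role(values, rules=ROLE_RULES):
    """Return the first role whose matching text occurs in a released value."""
    for role, name, needle in rules:
        if any(needle in v for v in values.get(name, [])):
            return role
    return None  # No User Role (no access)


if __name__ == "__main__":
    print(resolve_role(attribute_values(SAMPLE)))
```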

Basic and User Roles

When a user is being authenticated as a Basic or User role, it is not necessary to send the SAML attributes identifying their first name, last name, user name, or email address.

...

| Attribute Description | Friendly Name | Protocol-Level Attribute Name | Attribute Value |
| --- | --- | --- | --- |
| First name | givenName | urn:oid:2.5.4.42 | Rick |
| Last name | sn | urn:oid:2.5.4.4 | Sanchez |
| User name (displayed in upper right corner) | displayName (uses sn + givenName if missing displayName) | urn:oid:2.16.840.1.113730.3.1.241 | Rick Sanchez |
| Email | mail | urn:oid:0.9.2342.19200300.100.1.3 | rsanchez@school.edu |

Table 2: Attribute examples

Non-Standard SAML Attributes

...