Whether or not the client administrator provides a SAML Identity Provider Metadata XML file, SAML Attribute information is needed for role mapping. If the Identity Provider already releases the InCommon eduPerson Protocol-Level Attribute Names, the well-known attribute names for first name, last name, user name and email are used automatically. Otherwise Swank will need the SAML Protocol-Level Attribute Names that carry the information for:
...
User Role | Partial matching text | FriendlyName | Protocol-Level Attribute Name | Attribute Value
---|---|---|---|---
Basic User Role | employee@ | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | staff@school.edu;
Instructor User Role | Microscope | eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | urn:mace:school.edu:confocalMicroscope
No User Role (no access) | Notfound | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | staff@school.edu;

Table 1: Attributes for user roles
Basic and User Roles
...
Attribute Description | Friendly Name | Protocol-Level Attribute Name | Attribute Value
---|---|---|---
First name | givenName | urn:oid:2.5.4.42 | Rick
Last name | sn | urn:oid:2.5.4.4 | Sanchez
User name (displayed in upper right corner) | displayName (uses sn + givenName if displayName is missing) | urn:oid:2.16.840.1.113730.3.1.241 | Rick Sanchez
Email | mail | urn:oid:0.9.2342.19200300.100.1.3 | rsanchez@school.edu

Table 2: Attribute examples
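The following is an added illustration of how the two tables fit together on the service-provider side; it is example code written for this page, not Swank's own implementation. It reads the AttributeStatement of a SAML 2.0 assertion with the standard library, picks the Table 2 identity attributes by their protocol-level names (falling back to givenName + sn when no displayName is released), and applies the Table 1 role rules. Assumptions not stated on the page: "partial matching" is treated as a case-sensitive substring test over every value of a possibly multi-valued attribute, the first value of a name attribute is used, and the assertion's signature has already been verified by the SAML library before it reaches this step. The two sample assertions are constructed for the example.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Protocol-level attribute names (OIDs) taken from Table 1 and Table 2.
ATTR_GIVEN_NAME = "urn:oid:2.5.4.42"                            # givenName
ATTR_SN = "urn:oid:2.5.4.4"                                     # sn
ATTR_DISPLAY_NAME = "urn:oid:2.16.840.1.113730.3.1.241"         # displayName
ATTR_MAIL = "urn:oid:0.9.2342.19200300.100.1.3"                 # mail
ATTR_SCOPED_AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"    # eduPersonScopedAffiliation
ATTR_ENTITLEMENT = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"           # eduPersonEntitlement

# Role rules from Table 1: (role, attribute the rule reads, partial matching text).
# Assumption: "partial matching" is a case-sensitive substring test applied to
# every value of the (possibly multi-valued) attribute.
ROLE_RULES = [
    ("Basic User Role", ATTR_SCOPED_AFFILIATION, "employee@"),
    ("Instructor User Role", ATTR_ENTITLEMENT, "Microscope"),
]


def parse_attributes(assertion_xml: str) -> dict:
    """Collect every <saml:Attribute Name=...> under the AttributeStatement into
    {protocol-level name: [values...]}. Assumes the assertion's signature was
    already verified by the SAML library before the XML reaches this step."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def _first(attrs: dict, name: str) -> str:
    """First released value of an attribute, or '' when it is absent."""
    values = attrs.get(name, [])
    return values[0] if values else ""


def user_profile(attrs: dict) -> dict:
    """Map the four identity attributes of Table 2. The user name falls back to
    the name parts (givenName followed by sn, which yields the table's
    'Rick Sanchez') when displayName is missing."""
    given, sn = _first(attrs, ATTR_GIVEN_NAME), _first(attrs, ATTR_SN)
    display = _first(attrs, ATTR_DISPLAY_NAME) or f"{given} {sn}".strip()
    return {"first_name": given, "last_name": sn,
            "user_name": display, "email": _first(attrs, ATTR_MAIL)}


def map_roles(attrs: dict) -> list:
    """Every Table 1 role whose partial matching text occurs in at least one
    value of its attribute. An empty list is the 'No User Role' case."""
    return [role for role, attr_name, needle in ROLE_RULES
            if any(needle in value for value in attrs.get(attr_name, []))]


def resolve(assertion_xml: str) -> dict:
    """Profile, mapped roles and the resulting access decision for one assertion."""
    attrs = parse_attributes(assertion_xml)
    roles = map_roles(attrs)
    return {"profile": user_profile(attrs), "roles": roles, "access": bool(roles)}


# Constructed sample (not a real IdP response): no displayName is released, so the
# user name must be composed; the scoped affiliation is multi-valued.
INSTRUCTOR_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_constructed-1">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName"><saml:AttributeValue>Rick</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.4" FriendlyName="sn"><saml:AttributeValue>Sanchez</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail"><saml:AttributeValue>rsanchez@school.edu</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" FriendlyName="eduPersonScopedAffiliation">
      <saml:AttributeValue>member@school.edu</saml:AttributeValue>
      <saml:AttributeValue>employee@school.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" FriendlyName="eduPersonEntitlement"><saml:AttributeValue>urn:mace:school.edu:confocalMicroscope</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample for the "No User Role" row of Table 1: the released value
# staff@school.edu does not contain "employee@" and no entitlement is present.
STAFF_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_constructed-2">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName"><saml:AttributeValue>Morty</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.4" FriendlyName="sn"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241" FriendlyName="displayName"><saml:AttributeValue>Morty S.</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" FriendlyName="eduPersonScopedAffiliation"><saml:AttributeValue>staff@school.edu</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


if __name__ == "__main__":
    for sample in (INSTRUCTOR_ASSERTION, STAFF_ASSERTION):
        print(resolve(sample))
```

Two points the code makes visible that the tables only imply: a multi-valued attribute such as eduPersonScopedAffiliation must be checked value by value, since an IdP commonly releases several affiliations at once; and a substring rule like "employee@" accepts that affiliation from any scope, so when access is meant for one institution only, the partial matching text should include the scope (for example "employee@school.edu") rather than just the prefix.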
Non-Standard SAML Attributes
...