MUNI Unified Login


SAML2 attributes

For services in eduID.cz or eduGAIN federation and for apps which do not support OIDC, we offer connection by SAML2.

Personal attributes

Display name

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description name which should be displayed to user
Example John Doe
SAML2 name displayName
SAML2 mapping urn:oid:2.16.840.1.113730.3.1.241

Full name

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description full name (without academic titles)
Example John Richard Doe
SAML2 name cn (commonName)
SAML2 mapping urn:oid:2.5.4.3

First name

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description first name(-s)
Example John
OIDC scope profile
OIDC claim given_name
SAML2 name givenName
SAML2 mapping

urn:oid:2.5.4.42

Last name

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description last name(-s)
Example Doe
OIDC scope profile
OIDC claim family_name
SAML2 name sn (surname)
SAML2 mapping urn:oid:2.5.4.4

Contact information

E-mail

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description preferred university or other email address
Example 1973@mail.muni.cz
john.doe@example.org
OIDC scope email
OIDC claim email
SAML2 name mail
SAML2 mapping
urn:oid:0.9.2342.19200300.100.1.3

Identifiers

Targeted ID

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description targeted identifier which is unique for every user-service pair, in the NameID format (see SAML 2.0) this is the preferred way of identifying users

Example <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameQualifier="https://idp2.ics.muni.cz/idp/shibboleth" SPNameQualifier="https://sp.example.com/" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">OTQ4NDE0MjFmYjVhNGQ4M2UzMDE=</saml:NameID>
SAML2 name eduPersonTargetedID
SAML2 mapping urn:oid:1.3.6.1.4.1.5923.1.1.1.10

Unique ID

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description unique, long-lived, non re-assignable identifier in the form uniqueID@scope
Example 2fe269ee87e93bf6009c7813b1f6b2bf02fb0b441fa2f5080acc62374361610f@muni.cz
SAML2 name eduPersonUniqueId
SAML2 mapping

urn:oid:1.3.6.1.4.1.5923.1.1.1.13

User-friendly ID

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description human-friendly identifier in the form username@scope, at MU it has the same properties as eduPersonUniqueId (see eduPersonAssurance)
Example 1973@muni.cz
OIDC scope openid
OIDC claim sub
SAML2 name eduPersonPrincipalName
SAML2 mapping

urn:oid:1.3.6.1.4.1.5923.1.1.1.6

Personal number (UČO)

Definition unstructuredName [eduID.cz]
Description personal number (UČO)
Example 1973
OIDC scope profile
OIDC claim preferred_username
SAML2 name unstructuredName
or
uid
SAML2 mapping urn:oid:1.2.840.113549.1.9.2
nebo
urn:oid:0.9.2342.19200300.100.1.1

ID for Eduroam (reserved for Eduroam)

Definition eduroamUID [eduroam.cz]
Description identifier in the Eduroam network
Example 1973@eduroam.muni.cz
SAML2 name eduroamUID
SAML2 mapping http://eduroam.cz/attributes/eduroamUID

Affiliation

Scoped affiliation

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description affiliation with MU, possible values: order is not guaranteed
Example
OIDC scope eduperson_scoped_affiliation
OIDC claim eduperson_scoped_affiliation
SAML2 name eduPersonScopedAffiliation
SAML2 mapping urn:oid:1.3.6.1.4.1.5923.1.1.1.9

Unscoped affiliation

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description affiliation with university, the value of eduPersonScopedAffiliation without scope, order is not guaranteed
Example
  • alum
  • employee
  • staff
  • member
SAML2 name eduPersonAffiliation
SAML2 mapping

urn:oid:1.3.6.1.4.1.5923.1.1.1.1

Entitlements and group memberships

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description user entitlements based on group membership in Perun, please contact us for setup, order is not guaranteed
Example
OIDC scope eduperson_entitlement
OIDC claim eduperson_entitlement
SAML2 name eduPersonEntitlement
SAML2 mapping
urn:oid:1.3.6.1.4.1.5923.1.1.1.7

Mefaperson (reserved for Mefanet)

Definition Mefaperson - MEFANET
Description affiliation to Mefanet network
Example lf.muni.cz
SAML2 name mefanet
SAML2 mapping http://www.mefanet.cz/mefaperson/

ID v síti Eduroam (pouze pro Eduroam)

Definice eduroamUID [eduroam.cz]
Popis identifikátor v síti Eduroam
Příklad obsahu 7796@eduroam.muni.cz
Název v SAML2 eduroamUID
Mapování v SAML2

http://eduroam.cz/attributes/eduroamUID

Organization

Assurance

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description user assurance level, values from REFEDS AF, order is not guaranteed
Example
SAML2 name eduPersonAssurance
SAML2 mapping urn:oid:1.3.6.1.4.1.5923.1.1.1.11

Organization name

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description static value
Example Masarykova univerzita
SAML2 name o (organizationName)
SAML2 mapping

urn:oid:2.5.4.10

Organization scope

Definition https://wiki.refeds.org/download/attachments/44957731/SCHAC%2B1.5.0.pdf?version=3&modificationDate=1429202342624&api=v2
Description static value
Example muni.cz
SAML2 name schacHomeOrganization
SAML2 mapping
urn:oid:1.3.6.1.4.1.25178.1.2.9

Organization type

Definition https://wiki.refeds.org/download/attachments/44957731/SCHAC%2B1.5.0.pdf?version=3&modificationDate=1429202342624&api=v2
Description static value, order is not guaranteed
Example
  • urn:schac:homeOrganizationType:cz:university
  • urn:schac:homeOrganizationType:int:university
SAML2 name schacHomeOrganizationType
SAML2 mapping urn:oid:1.3.6.1.4.1.25178.1.2.10

Other

Preferred language

Definition eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki
Description language chosen at login screen
Example en
OIDC scope profile
OIDC claim locale
SAML2 name preferredLanguage
SAML2 mapping urn:oid:2.16.840.1.113730.3.1.39

You are running an old browser version. We recommend updating your browser to its latest version.