Attributes Released by SAML2 Protocol
For services in the eduID.cz or eduGAIN federations, and for applications that do not support OIDC, we offer connection via SAML2.
Personal attributes
Display name
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | name which should be displayed to user |
Example | John Doe |
SAML2 name | displayName |
SAML2 mapping | urn:oid:2.16.840.1.113730.3.1.241 |
Full name
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | full name (without academic titles) |
Example | John Richard Doe |
SAML2 name | cn (commonName) |
SAML2 mapping | urn:oid:2.5.4.3 |
First name
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | first name(-s) |
Example | John |
OIDC scope | profile |
OIDC claim | given_name |
SAML2 name | givenName |
SAML2 mapping | urn:oid:2.5.4.42 |
Last name
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | last name(-s) |
Example | Doe |
OIDC scope | profile |
OIDC claim | family_name |
SAML2 name | sn (surname) |
SAML2 mapping | urn:oid:2.5.4.4 |
Contact information
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | preferred university or other email address |
Example | 1973@mail.muni.cz john.doe@example.org |
OIDC scope | |
OIDC claim | |
SAML2 name | |
SAML2 mapping | urn:oid:0.9.2342.19200300.100.1.3 |
Identifiers
Targeted ID
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | targeted identifier that is unique for every user-service pair, in the NameID format (see SAML 2.0); this is the preferred way of identifying users |
Example | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameQualifier="https://idp2.ics.muni.cz/idp/shibboleth" SPNameQualifier="https://sp.example.com/" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">OTQ4NDE0MjFmYjVhNGQ4M2UzMDE=</saml:NameID> |
SAML2 name | eduPersonTargetedID |
SAML2 mapping | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 |
Unique ID
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | unique, long-lived, non-reassignable identifier in the form uniqueID@scope |
Example | 2fe269ee87e93bf6009c7813b1f6b2bf02fb0b441fa2f5080acc62374361610f@muni.cz |
SAML2 name | eduPersonUniqueId |
SAML2 mapping | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 |
User-friendly ID
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | human-friendly identifier in the form username@scope; at MU it has the same properties as eduPersonUniqueId (see eduPersonAssurance) |
Example | 1973@muni.cz |
OIDC scope | openid |
OIDC claim | sub |
SAML2 name | eduPersonPrincipalName |
SAML2 mapping | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
Personal number (UČO)
Definition | unstructuredName [eduID.cz] |
Description | personal number (UČO) |
Example | 1973 |
OIDC scope | profile |
OIDC claim | preferred_username |
SAML2 name | unstructuredName or uid |
SAML2 mapping | urn:oid:1.2.840.113549.1.9.2 or urn:oid:0.9.2342.19200300.100.1.1 |
ID for Eduroam (reserved for Eduroam)
Definition | eduroamUID [eduroam.cz] |
Description | identifier in the Eduroam network |
Example | 1973@eduroam.muni.cz |
SAML2 name | eduroamUID |
SAML2 mapping | http://eduroam.cz/attributes/eduroamUID |
Affiliation
Scoped affiliation
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | affiliation with MU, possible values:
|
Example | |
OIDC scope | eduperson_scoped_affiliation |
OIDC claim | eduperson_scoped_affiliation |
SAML2 name | eduPersonScopedAffiliation |
SAML2 mapping | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
Unscoped affiliation
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | affiliation with the university: the value of eduPersonScopedAffiliation without the scope; order is not guaranteed |
Example |
|
SAML2 name | eduPersonAffiliation |
SAML2 mapping | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 |
Entitlements and group memberships
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | user entitlements based on group membership in Perun; please contact us for setup; order is not guaranteed |
Example |
|
OIDC scope | eduperson_entitlement |
OIDC claim | eduperson_entitlement |
SAML2 name | eduPersonEntitlement |
SAML2 mapping | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
Mefaperson (reserved for Mefanet)
Definition | Mefaperson - MEFANET |
Description | affiliation with the Mefanet network |
Example | lf.muni.cz |
SAML2 name | mefanet |
SAML2 mapping | http://www.mefanet.cz/mefaperson/ |
ID in the Eduroam network (Eduroam only)
Definition | eduroamUID [eduroam.cz] |
Description | identifier in the Eduroam network |
Example | 7796@eduroam.muni.cz |
SAML2 name | eduroamUID |
SAML2 mapping | http://eduroam.cz/attributes/eduroamUID |
Organization
Assurance
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | user assurance level, values from REFEDS AF, order is not guaranteed |
Example | |
SAML2 name | eduPersonAssurance |
SAML2 mapping | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 |
Organization name
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | static value |
Example | Masarykova univerzita |
SAML2 name | o (organizationName) |
SAML2 mapping | urn:oid:2.5.4.10 |
Organization scope
Definition | https://wiki.refeds.org/download/attachments/44957731/SCHAC%2B1.5.0.pdf?version=3&modificationDate=1429202342624&api=v2 |
Description | static value |
Example | muni.cz |
SAML2 name | schacHomeOrganization |
SAML2 mapping | urn:oid:1.3.6.1.4.1.25178.1.2.9 |
Organization type
Definition | https://wiki.refeds.org/download/attachments/44957731/SCHAC%2B1.5.0.pdf?version=3&modificationDate=1429202342624&api=v2 |
Description | static value, order is not guaranteed |
Example |
|
SAML2 name | schacHomeOrganizationType |
SAML2 mapping | urn:oid:1.3.6.1.4.1.25178.1.2.10 |
Other
Preferred language
Definition | eduPerson 2020-01 - Standards-and-Specs - REFEDS wiki |
Description | language chosen at login screen |
Example | en |
OIDC scope | profile |
OIDC claim | locale |
SAML2 name | preferredLanguage |
SAML2 mapping | urn:oid:2.16.840.1.113730.3.1.39 |
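A service provider consuming the scoped attributes above (uniqueID@scope, username@scope, scoped affiliation) should accept a value only when its scope is the one this IdP is authoritative for. The following is an added example, not code from this page or from the IdP operator: it maps some of the listed OIDs to their SAML2 names and rejects values whose scope is not muni.cz. The function names, the sample statement, the affiliation values and the unknown OID in it are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# SAML2 mapping -> SAML2 name, copied from the tables on this page.
OID_NAMES = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.13": "eduPersonUniqueId",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
}
SCOPED = {"eduPersonUniqueId", "eduPersonPrincipalName", "eduPersonScopedAffiliation"}
EXPECTED_SCOPE = "muni.cz"  # the "Organization scope" value on this page

def parse_attributes(statement_xml, expected_scope=EXPECTED_SCOPE):
    """Return (accepted, rejected) from an AttributeStatement whose enclosing
    assertion signature was already verified (assumption of this example)."""
    accepted, rejected = {}, []
    for attr in ET.fromstring(statement_xml).iter(NS + "Attribute"):
        name = OID_NAMES.get(attr.get("Name"))
        if name is None:
            continue  # unknown OID: ignore rather than trust it
        for value in attr.iter(NS + "AttributeValue"):
            text = (value.text or "").strip()
            parts = text.split("@")
            if name in SCOPED and (len(parts) != 2 or not parts[0]
                                   or parts[1] != expected_scope):
                rejected.append((name, text))  # wrong or missing scope
                continue
            accepted.setdefault(name, []).append(text)
    # Order of multi-valued attributes is not guaranteed, so normalise it.
    return {k: sorted(v) for k, v in accepted.items()}, rejected

def attr_xml(oid, *values):  # hypothetical helper that builds the sample below
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{oid}">{vals}</saml:Attribute>'

# Constructed sample; affiliation values and urn:oid:9.9.9.9 are illustrative.
SAMPLE = (
    '<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    + attr_xml("urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "1973@muni.cz")
    + attr_xml("urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
               "student@muni.cz", "member@muni.cz", "staff@example.org")
    + attr_xml("urn:oid:1.3.6.1.4.1.5923.1.1.1.1", "student", "member")
    + attr_xml("urn:oid:9.9.9.9", "ignored")
    + "</saml:AttributeStatement>"
)

if __name__ == "__main__":
    print(parse_attributes(SAMPLE))
```

Rejected values are returned rather than silently dropped so that the service provider can log them as a possible misconfiguration or scope-spoofing attempt.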