Shibboleth Attribute Reference In order of popularity This document contains information about the most popular user attributes here at the University. Other attributes are available, so if you don’t see what you’re looking for contact the Identity Management Team ( [email protected] ). Attribute Availability In some cases, users may have suppressed some or all of their directory information from public view. Faculty and staff members of the University of Minnesota may only suppress their home address and phone number while students may suppress all of their information. As required by University policy and certain regulations such as FERPA, an Access Request Form (ARF) is required to obtain certain attribute values from the user directory. MultiValue Attributes Some attributes may contain more than one value. Usually, each individual datum is delimited by a character (i.e., a semicolon), but this depends on the SAML software being used by the individual service provider (SP). Such attributes are denoted as such in the table below. Common Use Cases 1. I want to be able to email the user ○ Helpful Attributes: mail , displayName , givenName , surname , title 2. I want to be able to determine the user’s campus affiliation ○ Helpful Attributes: eduPersonAffiliation 3. I want to be able to determine the user’s role ○ Helpful Attributes: isGuest , umnPersonType , umnRole displayName eduPersonAffiliation eduPersonPrincipalName facsimileTelephoneNumber givenName homePhone homePostalAddress initials isGuest isMemberOf mail preferredRfc822Originator preferredRfc822Recipient surname (sn) telephoneNumber Shibboleth Attribute Reference In order of popularity title uid umnAcademicClass umnBusinessAddress umnCampusMail umnDID umnDisplayMail umnEmplID umnJobSummary umnLibAccess umnLibUserType umnOfficeAddress1 umnOfficialNameNoCount umnPatronID umnPersonType umnPhone2 umnRole umnUCard umnUMRptAccess displayName The name(s) that should appear in directory search applications for this person. Based on the person's PreferredName from PeopleSoft. This attribute is exposed from LDAP via Shibboleth asis. Attribute Details SAML2 friendlyName displayName SAML2 name urn:oid:2.16.840.1.113730.3.1.241 SAML2 type SAML2String Multiple Values No Example Value(s) Joseph Student Availability ARF required Internet2 EduPerson Reference eduPersonAffiliation Specifies the person's relationship(s) to the institution in broad categories (student, faculty, etc). Shibboleth Attribute Reference In order of popularity Attribute Details SAML2 friendlyName eduPersonAffiliation SAML2 name urn:oid:1.3.6.1.4.1.5923.1.1.1.1 SAML2 type SAML2String Multiple Values Yes Example Value(s) Member, Student Availability ARF required Internet2 EduPerson Reference eduPersonPrincipalName Fullyqualified username ([email protected]) but not necessarily the user’s published email address. Attribute Details SAML2 friendlyName eduPersonPrincipalName SAML2 name urn:oid:1.3.6.1.4.1.5923.1.1.1.6 SAML2 type SAML2ScopedString Multiple Values No Example Value(s) [email protected] Availability Included in default set Internet2 EduPerson Reference facsimileTelephoneNumber Contains telephone numbers (and, optionally, the parameters) for facsimile (fax) terminals. Each telephone number is one value of this multivalued attribute . Attribute Details SAML2 friendlyName facsimileTelephoneNumber SAML2 name urn:oid:2.5.4.23 SAML2 type SAML2String Shibboleth Attribute Reference In order of popularity Multiple Values Yes Example Value(s) +1 6085551212 Availability Not included in default set; no ARF required Internet2 EduPerson Reference givenName The user’s first name; based on the PreferredName from the individual’s PeopleSoft record, if present. At the University, individuals have the opportunity to specify a name that may differ from their legal or ‘primary’ name. Attribute Details SAML2 friendlyName givenName SAML2 name urn:oid:2.5.4.42 SAML2 type SAML2String Multiple Values No Example Value(s) Joseph Availability ARF required Internet2 EduPerson Reference homePhone Specifies a home telephone number associated with the individual (ie: +1 608 555 1212). Attribute Details SAML2 friendlyName homePhone SAML2 name urn:oid:0.9.2342.19200300.100.1.20 SAML2 type SAML2String Multiple Values No Example Value(s) +1 6085551212 Availability ARF required Shibboleth Attribute Reference In order of popularity Internet2 EduPerson Reference homePostalAddress Specifies a home postal address for an individual (up to 6 lines of 30 characters each). Attribute Details SAML2 friendlyName homePostalAddress SAML2 name urn:oid:0.9.2342.19200300.100.1.39 SAML2 type SAML2String Multiple Values No Example Value(s) 123 Main Street North $ Minneapolis, MN 554151234 Availability ARF required Internet2 EduPerson Reference initials The user's middle initials (that is, not including the user’s given name and surname). Attribute Details SAML2 friendlyName initials SAML2 name urn:oid:2.5.4.43 SAML2 type SAML2String Multiple Values No Example Value(s) GT Availability ARF required Internet2 EduPerson Reference isGuest Boolean that indicates whether the user account is a guest. Shibboleth Attribute Reference In order of popularity Attribute Details SAML2 friendlyName isGuest SAML2 name https://www.umn.edu/shibboleth/attributes/isGuest SAML2 type SAML2String Multiple Values No Example Value(s) TRUE Availability Included in default set isMemberOf The isMemberOf attribute contains a value for each group the user belongs to. Attribute Details SAML2 friendlyName isMemberOf SAML2 name urn:oid:1.3.6.1.4.1.5923.1.5.1.1 SAML2 type SAML2String Multiple Values Yes Example Value(s) cn=umn:oit:webtarget:umreports,ou=Groups,o=Univ ersity of Minnesota ,c=US Availability ARF required mail Contains a value for each of the user's email addresses; though multivalued, there is often only one value. Preferred address for the "to:" field of email to be sent to this person. Attribute Details SAML2 friendlyName mail SAML2 name urn:oid:0.9.2342.19200300.100.1.3 SAML2 type SAML2String Shibboleth Attribute Reference In order of popularity Multiple Values Yes Example Value(s) [email protected] Availability ARF required Internet2 EduPerson Reference preferredRfc822Originator The preferredRfc822Originator attribute contains the canonical From address and is not necessarily the same as the DisplayMail address it might include things such as the email hostname, for example, but often doesn’t anymore. Attribute Details SAML2 friendlyName preferredRfc822Originator SAML2 name https://www.umn.edu/shibboleth/attributes/preferred Rfc822Originator SAML2 type SAML2String Multiple Values No Example Value(s) [email protected] Availability ARF required preferredRfc822Recipient The preferredRfc822Recipient attribute contains the user’s primary forwarding email address which may or may not be the same as the DisplayMail address. Attribute Details SAML2 friendlyName preferredRfc822Recipient SAML2 name https://www.umn.edu/shibboleth/attributes/preferred Rfc822Recipient SAML2 type SAML2String Multiple Values No Example Value(s) username@gmx.umn.edu Shibboleth Attribute Reference In order of popularity Availability ARF required surname (sn) The user’s last name; based on the PreferredName from the individual’s PeopleSoft record, if present. Attribute Details SAML2 friendlyName surname SAML2 name urn:oid:2.5.4.4 SAML2 type SAML2String Multiple Values No Example Value(s) Jones Availability ARF required Internet2 EduPerson Reference telephoneNumber The user’s office/campus phone number (ie: +1 608 555 1212).. Attribute Details SAML2 friendlyName mail SAML2 name urn:oid:2.5.4.20 SAML2 type SAML2String Multiple Values No Example Value(s) +1 6126255000 Availability ARF required Internet2 EduPerson Reference title The title of a person in their organizational context. Each title is one value of this multivalued attribute. Shibboleth Attribute Reference In order of popularity Attribute Details SAML2 friendlyName title SAML2 name urn:oid:2.5.4.12 SAML2 type SAML2String Multiple Values Yes Example Value(s) Bus/Sys Anlst Availability ARF required Internet2 EduPerson Reference uid User login name (ie: user1234), but can be changed under certain circumstances at the University by a name change request from the user. Attribute Details SAML2 friendlyName uid SAML2 name urn:oid:0.9.2342.19200300.100.1.1 SAML2 type SAML2String Multiple Values No Example Value(s) john1234 Availability Included in default set Internet2 EduPerson Reference umnAcademicClass If the individual is enrolled in UMN courses. this attribute displays the type of degree program. Attribute Details SAML2 friendlyName umnAcademicClass Shibboleth Attribute Reference In order of popularity SAML2 name https://www.umn.edu/shibboleth/attributes/umnAcad emicClass SAML2 type SAML2String Multiple Values Example Value(s) Nondegree, Freshman Availability ARF required umnBusinessAddress This is typically an oncampus work address, such as a healthcare provider’s clinic address. Attribute Details SAML2 friendlyName umnBusinessAddress SAML2 name https://www.umn.edu/shibboleth/attributes/umnBusin essAddress SAML2 type SAML2String Multiple Values No Example Value(s) 123 Main Street North $ Minneapolis, MN 554151234 Availability ARF required umnCampusMail The campus mail address of the individual, but not necessarily the location of the individual’s oncampus office. Note: the alphanumeric string on the third line corresponds to the Campus Mail Code. Attribute Details SAML2 friendlyName umnCampusMail SAML2 name https://www.umn.edu/shibboleth/attributes/umnCam pusMail SAML2 type SAML2String Multiple Values No Shibboleth Attribute Reference In order of popularity Example Value(s) Ofc of Information Technology $ Room 660 WBOB $ 7531A $ 1300 S 2nd St $ Minneapolis, MN 55454 Availability ARF required umnDID The internal directory ID for a given user; an alternate unique identifier for an account (example?). Attribute Details SAML2 friendlyName umnDID SAML2 name https://www.umn.edu/shibboleth/attributes/umnDID SAML2 type SAML2String Multiple Values No Example Value(s) 3c8hyy463 Availability Included in default set umnDisplayMail The individual’s ‘official UMN’ email address that is displayed in the directory. The account may forward to another (nonUMN) email account. Attribute Details SAML2 friendlyName umnDisplayMail SAML2 name https://www.umn.edu/shibboleth/attributes/umnDispl ayMail SAML2 type SAML2String Multiple Values No Example Value(s) [email protected] Availability ARF required Shibboleth Attribute Reference In order of popularity umnEmplID The user’s Employee ID (or EmplID, StudentID in the case of students) from PeopleSoft Attribute Details SAML2 friendlyName umnEmplId SAML2 name urn:oid:2.16.840.1.113730.3.1.3 SAML2 type SAML2String Multiple Values No Example Value(s) 0123456 Availability ARF required umnJobSummary A delimited string that returns information about an individual's appointment(s), including department code, pay code, appointment status, location, etc. This attribute provides the most detailed information about an individual’s job status at the University. Attribute Details SAML2 friendlyName umnJobSummary SAML2 name https://www.umn.edu/shibboleth/attributes/umnJobS ummary SAML2 type SAML2String Multiple Values Yes Example Value(s) 801A:0000:8639ZN:A:FER:TCEASTBANK:40.00::Inf ormation Technology ,Ofc of:Bus/Sys Anlst 2 No Entry:10068:OITXX:P:Z0437: Availability ARF required umnLibAccess The umnLibAccess attribute contains library access flags assigned to the user. Shibboleth Attribute Reference In order of popularity Attribute Details SAML2 friendlyName umnLibAccess SAML2 name https://www.umn.edu/shibboleth/attributes/umnLibAc cess SAML2 type SAML2String Multiple Values Yes Example Value(s) 2 Availability ARF required umnLibUserType Describes the type of library access an individual has, which could include multiple types. Attribute Details SAML2 friendlyName umnLibUserType SAML2 name https://www.umn.edu/shibboleth/attributes/umnLibU serType SAML2 type SAML2String Multiple Values Yes Example Value(s) IMNU:48 Availability ARF required umnOfficeAddress1 The individual’s primary campus address. Attribute Details SAML2 friendlyName umnOfficeAddress1 SAML2 name https://www.umn.edu/shibboleth/attributes/umnOffic eAddress1 Shibboleth Attribute Reference In order of popularity SAML2 type SAML2String Multiple Values No Example Value(s) Ofc of Information Technology $ Room 209E WBOB $ 1300 S 2nd St $ Minneapolis, MN 55454 Availability ARF required umnOfficialNameNoCount The individual’s Preferred Name from PeopleSoft without the incremental digit suffix. Attribute Details SAML2 friendlyName umnOfficialNameNoCount SAML2 name https://www.umn.edu/shibboleth/attributes/umnOffici alNameNoCount SAML2 type SAML2String Multiple Values No Example Value(s) User J Userson Availability ARF required umnPatronID Contains the user’s UMN Library Card Number. Attribute Details SAML2 friendlyName umnPatronID SAML2 name https://www.umn.edu/shibboleth/attributes/umnPatro mID SAML2 type SAML2String Multiple Values No Example Value(s) 2UCSA1010410ZBY Availability ARF required Shibboleth Attribute Reference In order of popularity umnPersonType User's classification at the University as student, staff, alumni, etc. This attribute is the most general in terms of describing an individual’s job or registration status. Attribute Details SAML2 friendlyName umnPersonType SAML2 name https://www.umn.edu/shibboleth/attributes/umnPers onType SAML2 type SAML2String Multiple Values Yes Example Value(s) Degree Availability ARF required umnPhone2 An alternate campus phone number. Attribute Details SAML2 friendlyName umnPhone2 SAML2 name https://www.umn.edu/shibboleth/attributes/umnPhon e2 SAML2 type SAML2String Multiple Values No Example Value(s) +1 6085551212 Availability ARF required umnRole This attribute provides more detailed information about an individual’s job or registration status. A multisegmented string containing campus affiliation, guest status, college/dept code, etc. Shibboleth Attribute Reference In order of popularity Attribute Details SAML2 friendlyName umnRole SAML2 name https://www.umn.edu/shibboleth/attributes/umnRole SAML2 type SAML2String Multiple Values Yes Example Value(s) tc.staff.oit.801A.8639ZN Availability ARF required umnUCard The individual’s 17digit UCard number. Attribute Details SAML2 friendlyName umnUCard SAML2 name https://www.umn.edu/shibboleth/attributes/umnUCar d SAML2 type SAML2String Multiple Values No Example Value(s) 60095340148883762 Availability ARF required umnUMRptAccess Boolean indicating whether the user has access to UM Reports. Attribute Details SAML2 friendlyName umnUMRptAccess SAML2 name https://www.umn.edu/shibboleth/attributes/umnUMR ptAccess SAML2 type SAML2String Shibboleth Attribute Reference In order of popularity Multiple Values No Example Value(s) FALSE Availability ARF required
© Copyright 2024