Page History

...

• Name attributes
  • displayName (urn:oid:2.16.840.1.113730.3.1.241)
  • givenName (urn:oid:2.5.4.42)
  • sn/surname (urn:oid:2.5.4.4)
• Identifiers
  • eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10)
  • eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)
  • mail (urn:oid:0.9.2342.19200300.100.1.3)
• Authorization
  • eduPersonScopedAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.9)
  • eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7)
• Organizational data
  • schacHomeOrganization (urn:oid:1.3.6.1.4.1.25178.1.2.9)

Attribute release

Adjust the IDP configuration Extend your existing IDP configuration to scalably release selected needed attributes to appropriate SPsappropriate Service Providers.

TODO: Detailed technical information to follow!

The use of the provided Service Categories to automate attribute release as much as possible is strongly recommended for all IDPs participating in Interfederation.

Notify ACOnet

To make your Identity Provider usable with services from registered in other interfederated institutions federations contact ACOnet in order for your entity to become visible to eduGAIN (and from there to other eduGAIN-participating federations).those interfederation services.

If you added support for Service Categories-based attribute release (which is strongly recommended!) please also notify ACOnet about which ones you support, so this can be documented in your Identity Provider's SAML Metadata. Signalling the support for a given Service Category allows services relying on attributes defined in such Service Categories to automatically filter which IDPs they make available for login. By only listing IDPs who claim to support a given Service Category chances of successful logins (and hence of a proper user experience) for subjects coming from those Identity Providers are greatly enhanced!