Considerations for eduID.at SAML Identity Providers for use with services registered with other Identity Federations via Interfederation arrangements (such as eduGAIN).
Info: You will find that nothing here is specific to Interfederation participation, i.e. all IDPs in eduID.at should be configured like this.
Only by (also) participating in Interfederation will you be able to give your academic constituency secured access to the resources they need. For example, e-research cannot happen without international collaboration and shared, properly managed access to scientific tools. Cf. the FIM4R (Federated Identity Management for Research Collaborations) paper.
Metadata
All IDPs in eduID.at should always load SAML Metadata that also includes entities known via Interfederation agreements, such as eduGAIN. This metadata set alone is sufficient for all eduID.at Federation and Interfederation purposes, so it can replace any previously used one:
...
- Name attributes
  - displayName (urn:oid:2.16.840.1.113730.3.1.241)
  - givenName (urn:oid:2.5.4.42)
  - sn/surname (urn:oid:2.5.4.4)
- Identifiers
  - SAML Subject-ID (urn:oasis:names:tc:SAML:attribute:subject-id)
  - SAML Pairwise-ID (urn:oasis:names:tc:SAML:attribute:pairwise-id)
  - SAML2 persistent NameID (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent)
  - eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10)
  - eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)
  - mail (urn:oid:0.9.2342.19200300.100.1.3)
- Authorization / Org data
  - eduPersonScopedAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.9)
  - eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7)
  - schacHomeOrganization (urn:oid:1.3.6.1.4.1.25178.1.2.9)
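As an added example (not part of the eduID.at documentation), the following Python check compares a decrypted test assertion from your own IdP against the attribute names listed above, assuming that list is the set of attributes an IdP is expected to be able to release. It reports listed attributes that are absent, released attributes that are not in the list, and whether the Subject carries a persistent NameID; the function name `audit_assertion` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for XML you did not produce yourself
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
OID, SUBJ = "urn:oid:", "urn:oasis:names:tc:SAML:attribute:"
# Attribute names copied from the list on this page, in the same three groups.
EXPECTED = {
    "Name attributes": {
        "displayName": OID + "2.16.840.1.113730.3.1.241",
        "givenName": OID + "2.5.4.42", "sn": OID + "2.5.4.4"},
    "Identifiers": {
        "subject-id": SUBJ + "subject-id", "pairwise-id": SUBJ + "pairwise-id",
        "eduPersonTargetedID": OID + "1.3.6.1.4.1.5923.1.1.1.10",
        "eduPersonPrincipalName": OID + "1.3.6.1.4.1.5923.1.1.1.6",
        "mail": OID + "0.9.2342.19200300.100.1.3"},
    "Authorization / Org data": {
        "eduPersonScopedAffiliation": OID + "1.3.6.1.4.1.5923.1.1.1.9",
        "eduPersonEntitlement": OID + "1.3.6.1.4.1.5923.1.1.1.7",
        "schacHomeOrganization": OID + "1.3.6.1.4.1.25178.1.2.9"},
}

def audit_assertion(xml_text):
    """Return (missing per group, unlisted attribute names, persistent NameID present?)."""
    root = ET.fromstring(xml_text)
    # Count an attribute as released only if it carries at least one value.
    seen = {a.get("Name")
            for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
            if a.find("saml:AttributeValue", NS) is not None}
    missing = {group: sorted(n for n, uri in attrs.items() if uri not in seen)
               for group, attrs in EXPECTED.items()}
    known = {uri for attrs in EXPECTED.values() for uri in attrs.values()}
    # The persistent NameID travels in the Subject, not in the AttributeStatement.
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    persistent = nameid is not None and nameid.get("Format") == PERSISTENT
    return missing, sorted(seen - known), persistent

def _attr(name, value):  # helper that builds the constructed sample below
    return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
            '</saml:AttributeValue></saml:Attribute>')

# Constructed, unsigned sample assertion; every value is invented.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>'
    f'<saml:NameID Format="{PERSISTENT}">constructed-opaque-id</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement>'
    + _attr(OID + "2.5.4.42", "Ada") + _attr(OID + "2.5.4.4", "Example")
    + _attr(SUBJ + "pairwise-id", "K7Q2@example.org")
    + _attr(OID + "1.3.6.1.4.1.5923.1.1.1.9", "member@example.org")
    + _attr(OID + "2.5.4.20", "+00 000 0000")  # telephoneNumber: not in the page's list
    + '</saml:AttributeStatement></saml:Assertion>')
print(audit_assertion(SAMPLE))
```

The check does not verify signatures, so it is a release diagnostic for assertions from your own test logins and not a basis for trust decisions. Attributes reported as unlisted are worth reviewing against your release policy for data minimisation.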
...