Federation attributes

Shibboleth Attributes

The table at the bottom of this page shows the Shibboleth attributes available. The columns are explained below.

Friendly Name

A human readable name for an encoded SAML 2 attribute.

Name

The attribute name of the encoded SAML 1 or 2 attribute.

Encoding

How the attribute is encoded in the SAML assertion.

Type

One of:

Simple Attributes (ad:Simple)

Simple attributes have the same value as the source attribute (see Source below).

Scripted Attributes (ad:Script)

eduPersonEntitlement has the value urn:mace:dir:entitlement:common-lib-terms for all people in Oak. Members with a student record will also have the value urn:mace:csoresearch.com:myinterfase:entitlement:student.

eduPersonAffiliation is as the eduPersonAffiliation attribute in Oak, with an added staff affiliation for non-students.

Scoped Attributes (ad:Scoped)

Scoped attributes will be as the source attribute, but with @ox.ac.uk appended.

Name ID (ad:SAML2NameID)

An alternate presentation of the computedId, required by some commercial SAML SP implementations.

Source

The source of the attribute. UNIQUE_ID is the Oxford SSO Username; computedId is an anonymous, persistent, per-SP hashed user identifier.

All other attributes are sourced from Oak LDAP. Please see the Oak LDAP schema for more information.

Permitted Values

By default we release a very minimal set of information. A released value of ANY indicates that any value for the attribute will be released to all SPs. A released value of NONE indicates that, by default, the attribute is not released.

eduPersonScopedAffiliation is filtered in the default release policy, so that it will have the value member@ox.ac.uk for members and no value otherwise. More fine-grained values, e.g. student@ox.ac.uk, are not released by default.

Registered ITSS may request the release of additional attributes / full values for a filtered attribute.
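The attribute types and default release policy described above, modelled as an added example for SP operators who want to check what an assertion will contain; this is not the IdP's own configuration or code. The record layout, the `has_student_record` flag, the sample people and the HMAC used as a stand-in for the real computedId algorithm are assumptions.

```python
import hashlib
import hmac

SCOPE = "ox.ac.uk"
COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"
STUDENT_ENTITLEMENT = "urn:mace:csoresearch.com:myinterfase:entitlement:student"
# Default release per the table: "ANY" = every value, a set = only those values;
# attributes not listed are NONE (not released by default).
DEFAULT_RELEASE = {"eduPersonTargetedID": "ANY",
                   "eduPersonScopedAffiliation": {"member@" + SCOPE}}
# Constructed sample records (hypothetical field layout, not real people).
STAFF = {"UNIQUE_ID": "abcd0001", "mail": "staff@example.org",
         "eduPersonAffiliation": ["member"], "has_student_record": False}
STUDENT = {"UNIQUE_ID": "abcd0002", "mail": "student@example.org",
           "eduPersonAffiliation": ["member", "student"], "has_student_record": True}

def scoped(values):
    """ad:Scoped: the source value with @ox.ac.uk appended."""
    return [f"{v}@{SCOPE}" for v in values]

def computed_id(username, sp_entity_id, salt):
    """Stand-in for computedId: stable per (user, SP), different for each SP."""
    msg = f"{sp_entity_id}!{username}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

def resolve(person, sp_entity_id, salt):
    """Build the attributes the IdP could send, before any release filtering."""
    affiliation = list(person["eduPersonAffiliation"])
    entitlement = [COMMON_LIB_TERMS]
    if person["has_student_record"]:
        entitlement.append(STUDENT_ENTITLEMENT)
    elif "staff" not in affiliation:
        affiliation.append("staff")  # ad:Script adds staff for non-students
    cid = computed_id(person["UNIQUE_ID"], sp_entity_id, salt)
    return {"eduPersonPrincipalName": scoped([person["UNIQUE_ID"]]),
            "eduPersonTargetedID": scoped([cid]),
            "eduPersonScopedAffiliation": scoped(person["eduPersonAffiliation"]),
            "eduPersonEntitlement": entitlement,
            "eduPersonAffiliation": affiliation,
            "mail": [person["mail"]]}

def release(resolved, policy=DEFAULT_RELEASE):
    """Apply a release policy; attributes left with no value are omitted."""
    out = {}
    for name, values in resolved.items():
        rule = policy.get(name, set())  # unlisted attribute = NONE
        kept = values if rule == "ANY" else [v for v in values if v in rule]
        if kept:
            out[name] = kept
    return out
```

Under the default policy an SP receives only the per-SP targeted ID and, for members, `member@ox.ac.uk`; passing a wider `policy` models the additional release a registered ITSS can request.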

| Friendly Name | Name | Encoding | Type | Source | Permitted Values |
| --- | --- | --- | --- | --- | --- |
| eduPersonPrincipalName | urn:mace:dir:attribute-def:eduPersonPrincipalName | enc:SAML1ScopedString | ad:Scoped | UNIQUE_ID | NONE |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | enc:SAML2ScopedString | | | |
| eduPersonTargetedID | urn:mace:dir:attribute-def:eduPersonTargetedID | enc:SAML1ScopedString | ad:Scoped | computedId | ANY |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | enc:SAML1XMLObject | ad:SAML2NameID | computedId | ANY |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | enc:SAML2XMLObject | | | |
| eduPersonScopedAffiliation | urn:mace:dir:attribute-def:eduPersonScopedAffiliation | enc:SAML1ScopedString | ad:Scoped | eduPersonAffiliation | member |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | enc:SAML2ScopedString | | | |
| eduPersonEntitlement | urn:mace:dir:attribute-def:eduPersonEntitlement | enc:SAML1String | ad:Script | | NONE |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | enc:SAML2String | | | |
| eduPersonAffiliation | urn:mace:dir:attribute-def:eduPersonAffiliation | enc:SAML1String | ad:Script | eduPersonAffiliation | NONE |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | enc:SAML2String | | | |
| cn | urn:mace:dir:attribute-def:cn | enc:SAML1String | ad:Simple | cn | NONE |
| | urn:oid:2.5.4.3 | enc:SAML2String | | | |
| displayName | urn:mace:dir:attribute-def:displayName | enc:SAML1String | ad:Simple | displayName | NONE |
| | urn:oid:2.16.840.1.113730.3.1.241 | enc:SAML2String | | | |
| eduPersonOrgDN | urn:mace:dir:attribute-def:eduPersonOrgDN | enc:SAML1String | ad:Simple | eduPersonOrgDN | NONE |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.3 | enc:SAML2String | | | |
| eduPersonOrgUnitDN | urn:mace:dir:attribute-def:eduPersonOrgUnitDN | enc:SAML1String | ad:Simple | eduPersonOrgUnitDN | NONE |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.4 | enc:SAML2String | | | |
| eduPersonPrimaryOrgUnitDN | urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN | enc:SAML1String | ad:Simple | eduPersonPrimaryOrgUnitDN | NONE |
| | urn:oid:1.3.6.1.4.1.5923.1.1.1.8 | enc:SAML2String | | | |
| givenName | urn:mace:dir:attribute-def:givenName | enc:SAML1String | ad:Simple | givenName | NONE |
| | urn:oid:2.5.4.42 | enc:SAML2String | | | |
| mail | urn:mace:dir:attribute-def:mail | enc:SAML1String | ad:Simple | mail | NONE |
| | urn:oid:0.9.2342.19200300.100.1.3 | enc:SAML2String | | | |
| o | urn:mace:dir:attribute-def:o | enc:SAML1String | ad:Simple | o | NONE |
| | urn:oid:2.5.4.10 | enc:SAML2String | | | |
| ou | urn:mace:dir:attribute-def:ou | enc:SAML1String | ad:Simple | ou | NONE |
| | urn:oid:2.5.4.11 | enc:SAML2String | | | |
| sn | urn:mace:dir:attribute-def:sn | enc:SAML1String | ad:Simple | sn | NONE |
| | urn:oid:2.5.4.4 | enc:SAML2String | | | |
| oakInternalID | https://registry.shibboleth.ox.ac.uk/attribute/oakInternalID | enc:SAML1String | ad:Simple | oakInternalID | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.1 | enc:SAML2String | | | |
| oakPrincipal | https://registry.shibboleth.ox.ac.uk/attribute/oakPrincipal | enc:SAML1String | ad:Simple | oakPrincipal | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.2 | enc:SAML2String | | | |
| oakPrimaryPrincipal | https://registry.shibboleth.ox.ac.uk/attribute/oakPrimaryPrincipal | enc:SAML1String | ad:Simple | oakPrimaryPrincipal | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.3 | enc:SAML2String | | | |
| dateOfBirth | https://registry.shibboleth.ox.ac.uk/attribute/dateOfBirth | enc:SAML1String | ad:Simple | dateOfBirth | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.4 | enc:SAML2String | | | |
| oakCardExpiry | https://registry.shibboleth.ox.ac.uk/attribute/oakCardExpiry | enc:SAML1String | ad:Simple | oakCardExpiry | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.5 | enc:SAML2String | | | |
| oakStatus | https://registry.shibboleth.ox.ac.uk/attribute/oakStatus | enc:SAML1String | ad:Simple | oakStatus | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.6 | enc:SAML2String | | | |
| oakUniversityBarcode | https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityBarcode | enc:SAML1String | ad:Simple | oakUniversityBarcode | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.7 | enc:SAML2String | | | |
| oakUniversityBarcodeCheckCharacter | https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityBarcodeCheck... | enc:SAML1String | ad:Simple | oakUniversityBarcodeCheckCharacter | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.8 | enc:SAML2String | | | |
| oakUniversityBarcodeFull | https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityBarcodeFull | enc:SAML1String | ad:Simple | oakUniversityBarcodeFull | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.9 | enc:SAML2String | | | |
| oakAlternativeMail | https://registry.shibboleth.ox.ac.uk/attribute/oakAlternativeMail | enc:SAML1String | ad:Simple | oakAlternativeMail | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.10 | enc:SAML2String | | | |
| memberOf | https://registry.shibboleth.ox.ac.uk/attribute/memberOf | enc:SAML1String | ad:Simple | memberOf | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.11 | enc:SAML2String | | | |
| oakPerson | https://registry.shibboleth.ox.ac.uk/attribute/oakPerson | enc:SAML1String | ad:Simple | oakPerson | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.12 | enc:SAML2String | | | |
| oakRole | https://registry.shibboleth.ox.ac.uk/attribute/oakRole | enc:SAML1String | ad:Simple | oakRole | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.13 | enc:SAML2String | | | |
| oakMailDomain | https://registry.shibboleth.ox.ac.uk/attribute/oakMailDomain | enc:SAML1String | ad:Simple | oakMailDomain | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.14 | enc:SAML2String | | | |
| oakPreferredMailDomain | https://registry.shibboleth.ox.ac.uk/attribute/oakPreferredMailDomain | enc:SAML1String | ad:Simple | oakPreferredMailDomain | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.15 | enc:SAML2String | | | |
| oakSuperUnit | https://registry.shibboleth.ox.ac.uk/attribute/oakSuperUnit | enc:SAML1String | ad:Simple | oakSuperUnit | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.16 | enc:SAML2String | | | |
| oakDivision | https://registry.shibboleth.ox.ac.uk/attribute/oakDivision | enc:SAML1String | ad:Simple | oakDivision | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.17 | enc:SAML2String | | | |
| oakUnitURI | https://registry.shibboleth.ox.ac.uk/attribute/oakUnitURI | enc:SAML1String | ad:Simple | oakUnitURI | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.18 | enc:SAML2String | | | |
| oakITSSFor | https://registry.shibboleth.ox.ac.uk/attribute/oakITSSFor | enc:SAML1String | ad:Simple | oakITSSFor | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.19 | enc:SAML2String | | | |
| oakPrimaryITSSFor | https://registry.shibboleth.ox.ac.uk/attribute/oakPrimaryITSSFor | enc:SAML1String | ad:Simple | oakPrimaryITSSFor | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.20 | enc:SAML2String | | | |
| oakGN | https://registry.shibboleth.ox.ac.uk/attribute/oakGN | enc:SAML1String | ad:Simple | oakGN | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.21 | enc:SAML2String | | | |
| oakAccessGroup | https://registry.shibboleth.ox.ac.uk/attribute/oakAccessGroup | enc:SAML1String | ad:Simple | oakAccessGroup | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.22 | enc:SAML2String | | | |
| oakUnitCode | https://registry.shibboleth.ox.ac.uk/attribute/oakUnitCode | enc:SAML1String | ad:Simple | oakUnitCode | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.23 | enc:SAML2String | | | |
| oakPrimaryPersonID | https://registry.shibboleth.ox.ac.uk/attribute/oakPrimaryPersonID | enc:SAML1String | ad:Simple | oakPrimaryPersonID | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.24 | enc:SAML2String | | | |
| oakPersonID | https://registry.shibboleth.ox.ac.uk/attribute/oakPersonID | enc:SAML1String | ad:Simple | oakPersonID | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.25 | enc:SAML2String | | | |
| oakOSSID | https://registry.shibboleth.ox.ac.uk/attribute/oakOSSID | enc:SAML1String | ad:Simple | oakOSSID | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.29 | enc:SAML2String | | | |
| oakUniversityCardID | https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityCardID | enc:SAML1String | ad:Simple | oakUniversityCardID | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.34 | enc:SAML2String | | | |
| oakOSSCourseCode | https://registry.shibboleth.ox.ac.uk/attribute/oakOSSCourseCode | enc:SAML1String | ad:Simple | oakOSSCourseCode | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.36 | enc:SAML2String | | | |
| oakWeblearnGroupName | https://registry.shibboleth.ox.ac.uk/attribute/oakWeblearnGroupName | enc:SAML1String | ad:Simple | oakWeblearnGroupName | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.45 | enc:SAML2String | | | |
| oakOUCSProvisionedUsername | https://registry.shibboleth.ox.ac.uk/attribute/oakOUCSProvisionedUsername | enc:SAML1String | ad:Simple | oakOUCSProvisionedUsername | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.46 | enc:SAML2String | | | |
| oakOxfordSSOUsername | https://registry.shibboleth.ox.ac.uk/attribute/oakOxfordSSOUsername | enc:SAML1String | ad:Simple | oakOxfordSSOUsername | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.47 | enc:SAML2String | | | |
| oakssousername | https://registry.shibboleth.ox.ac.uk/attribute/oakssousername | enc:SAML1String | ad:Simple | oakssousername | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.48 | enc:SAML2String | | | |
| oakpersonalprincipal | https://registry.shibboleth.ox.ac.uk/attribute/oakpersonalprincipal | enc:SAML1String | ad:Simple | oakpersonalprincipal | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.49 | enc:SAML2String | | | |
| oakprincipalispersonal | https://registry.shibboleth.ox.ac.uk/attribute/oakprincipalispersonal | enc:SAML1String | ad:Simple | oakprincipalispersonal | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.50 | enc:SAML2String | | | |
| oakUnitStatus | https://registry.shibboleth.ox.ac.uk/attribute/oakUnitStatus | enc:SAML1String | ad:Simple | oakUnitStatus | NONE |
| | urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.51 | enc:SAML2String | | | |

 

Written by IT Services. Latest revision 8 June 2017