Federation attributes
Shibboleth Attributes
The table at the bottom of this page shows the Shibboleth attributes available, please scroll right to access the other parts of the table.
The columns are explained below.
The attribute name of the encoded SAML 1 or 2 attribute.
How the attribute is encoded in the SAML assertion.
Simple attributes are as the source attribute (see Source below).
eduPersonEntitlement has the value urn:mace:dir:entitlement:common-lib-terms for all people in Oak. Members with a student record will also have the value urn:mace:csoresearch.com:myinterfase:entitlement:student.
eduPersonAffiliation is as the eduPersonAffiliation attribute in Oak, with an added staff affiliation for non-students.
Scoped attributes will be as the source attribute, but with @ox.ac.uk appended.
An alternate presentation of the computedId required for some commercial SAML SPs. implementations.
The source of the attribute. UNIQUE_ID is the Oxford SSO Username, computedId is an anonymous, persistent, per-SP hashed user identifier.
All other attributes are sourced from Oak LDAP. Please see the Oak LDAP schema for more information.
By default we release a very minimal set of information. A released value of ANY indicates that any value for the attribute will be released to all SPs. A released value of NONE indicates that, by default, the attribute is not released.
eduPersonScopedAffiliation is filtered in the default release policy, so that it will have the value member@ox.ac.uk for members and no value otherwise. More fine grained values e.g. student@ox.ac.uk are not realsed by default.
Registered ITSS may request the release of additional attributes / full values for a filtered attribute.
| Friendly Name | Name. | Encoding | Type | Source | Permitted Values |
|---|---|---|---|---|---|
| eduPersonPrincipalName |
urn:mace:dir:attribute-def:eduPersonPrincipalName urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
enc:SAML1ScopedString enc:SAML2ScopedString |
ad:Scoped | UNIQUE_ID | NONE |
| eduPersonTargetedID |
urn:mace:dir:attribute-def:eduPersonTargetedID urn:oid:1.3.6.1.4.1.5923.1.1.1.10 urn:oid:1.3.6.1.4.1.5923.1.1.1.10 |
enc:SAML1ScopedString enc:SAML1XMLObject enc:SAML1XMLObject |
ad:Scoped ad:SAML2NameID ad:SAML2NameID |
computedId | ANY |
| eduPersonScopedAffiliation |
urn:mace:dir:attribute-def:eduPersonScopedAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
enc:SAML1ScopedString enc:SAML2ScopedString |
ad:Scoped | eduPersonAffiliation | Member |
| eduPersonEntitlement |
urn:mace:dir:attribute-def:eduPersonEntitlement urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
enc:SAML1String enc:SAML2String |
ad:Script | NONE | |
| eduPersonAffiliation |
urn:mace:dir:attribute-def:eduPersonAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.1 |
enc:SAML1String enc:SAML2String |
ad:Script | eduPersonAffiliation | NONE |
| cn |
urn:mace:dir:attribute-def:cn urn:oid:2.5.4.3 |
enc:SAML1String enc:SAML2String |
ad:Simple | cn | NONE |
| displayName |
urn:mace:dir:attribute-def:displayName urn:oid:2.16.840.1.113730.3.1.241 |
enc:SAML1String enc:SAML2String |
ad:Simple | DISPLAYNAME | NONE |
| eduPersonOrgDN |
urn:mace:dir:attribute-def:eduPersonOrgDN urn:oid:1.3.6.1.4.1.5923.1.1.1.3 |
enc:SAML1String enc:SAML2String |
ad:Simple | eduPersonOrgDN | NONE |
| eduPersonOrgUnitDN |
urn:mace:dir:attribute-def:eduPersonOrgUnitDN urn:oid:1.3.6.1.4.1.5923.1.1.1.4 |
enc:SAML1String enc:SAML2String |
ad:Simple | eduPersonOrgUnitDN | NONE |
| eduPersonPrimaryOrgUnitDN |
urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN urn:oid:1.3.6.1.4.1.5923.1.1.1.8 |
enc:SAML1String enc:SAML2String |
ad:Simple | eduPersonPrimaryOrgUnitDN | NONE |
| givenName |
urn:mace:dir:attribute-def:givenName urn:oid:2.5.4.42 |
enc:SAML1String enc:SAML2String |
ad:Simple | givenName | NONE |
|
urn:mace:dir:attribute-def:mail urn:oid:0.9.2342.19200300.100.1.3 |
enc:SAML1String enc:SAML2String |
ad:Simple | NONE | ||
| o |
urn:mace:dir:attribute-def:o urn:oid:2.5.4.10 |
enc:SAML1String enc:SAML2String |
ad:Simple | o | NONE |
| ou |
urn:mace:dir:attribute-def:ou urn:oid:2.5.4.11 |
enc:SAML1String enc:SAML2String |
ad:Simple | ou | NONE |
| sn |
urn:mace:dir:attribute-def:sn urn:oid:2.5.4.4 |
enc:SAML1String enc:SAML2String |
ad:Simple | sn | NONE |
| oakInternalID |
https://registry.shibboleth.ox.ac.uk/attribute/oakInternalID urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.1 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakInternalID | NONE |
| oakPrincipal |
https://registry.shibboleth.ox.ac.uk/attribute/oakPrincipal urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.2 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakPrincipal | NONE |
| oakPrimaryPrincipal |
https://registry.shibboleth.ox.ac.uk/attribute/oakPrimaryPrincipal urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.3 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakPrimaryPrincipal | NONE |
| dateOfBirth |
https://registry.shibboleth.ox.ac.uk/attribute/dateOfBirth urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.4 |
enc:SAML1String enc:SAML2String |
ad:Simple | dateOfBirth | NONE |
| oakCardExpiry |
https://registry.shibboleth.ox.ac.uk/attribute/oakCardExpiry urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.5 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakCardExpiry | NONE |
| oakStatus |
https://registry.shibboleth.ox.ac.uk/attribute/oakStatus urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.6 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakStatus | NONE |
| oakUniversityBarcode |
https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityBarcode urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.7 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakUniversityBarcode | NONE |
| oakUniversityBarcodeCheckCharacter |
https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityBarcodeCheck... urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.8 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakUniversityBarcodeCheckCharacter | NONE |
| oakUniversityBarcodeFull |
https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityBarcodeFull urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.9 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakUniversityBarcodeFull | NONE |
| oakAlternativeMail |
https://registry.shibboleth.ox.ac.uk/attribute/oakAlternativeMail urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.10 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakAlternativeMail | NONE |
| memberOf |
https://registry.shibboleth.ox.ac.uk/attribute/memberOf urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.11 |
enc:SAML1String enc:SAML2String |
ad:Simple | memberOf | NONE |
| oakPerson |
https://registry.shibboleth.ox.ac.uk/attribute/oakPerson urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.12 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakPerson | NONE |
| oakRole |
https://registry.shibboleth.ox.ac.uk/attribute/oakRole urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.13 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakRole | NONE |
| oakMailDomain |
https://registry.shibboleth.ox.ac.uk/attribute/oakMailDomain urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.14 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakMailDomain | NONE |
| oakSuperUnit |
https://registry.shibboleth.ox.ac.uk/attribute/oakSuperUnit urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.16 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakSuperUnit | NONE |
| oakDivision |
https://registry.shibboleth.ox.ac.uk/attribute/oakDivision urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.17 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakDivision | NONE |
| oakUnitURI |
https://registry.shibboleth.ox.ac.uk/attribute/oakUnitURI urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.18 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakUnitURI | NONE |
| oakITSSFor |
https://registry.shibboleth.ox.ac.uk/attribute/oakITSSFor urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.19 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakITSSFor | NONE |
| oakPrimaryITSSFor |
https://registry.shibboleth.ox.ac.uk/attribute/oakPrimaryITSSFor urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.20 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakPrimaryITSSFor | NONE |
| oakGN |
https://registry.shibboleth.ox.ac.uk/attribute/oakGN urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.21 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakGN | NONE |
| oakAccessGroup |
https://registry.shibboleth.ox.ac.uk/attribute/oakAccessGroup urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.22 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakAccessGroup | NONE |
| oakUnitCode |
https://registry.shibboleth.ox.ac.uk/attribute/oakUnitCode urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.23 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakUnitCode | NONE |
| oakPrimaryPersonID |
https://registry.shibboleth.ox.ac.uk/attribute/oakPersonID urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.25 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakPersonID | NONE |
| oakOSSID |
https://registry.shibboleth.ox.ac.uk/attribute/oakOSSID urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.29 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakOSSID | NONE |
| oakUniversityCardID |
https://registry.shibboleth.ox.ac.uk/attribute/oakUniversityCardID urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.34 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakUniversityCardID | NONE |
| oakOSSCourseCode |
https://registry.shibboleth.ox.ac.uk/attribute/oakOSSCourseCode urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.36 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakOSSCourseCode | NONE |
| oakWeblearnGroupName |
https://registry.shibboleth.ox.ac.uk/attribute/oakWeblearnGroupName urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.45 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakWeblearnGroupName | NONE |
| oakOUCSProvisionedUsername |
https://registry.shibboleth.ox.ac.uk/attribute/oakOUCSProvisionedUsername urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.46 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakOUCSProvisionedUsername | NONE |
| oakOxfordSSOUsername |
https://registry.shibboleth.ox.ac.uk/attribute/oakOxfordSSOUsername urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.47 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakOxfordSSOUsername | NONE |
| oakSSOUsername |
https://registry.shibboleth.ox.ac.uk/attribute/oakSSOUsername urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.48 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakSSOUsername | NONE |
| oakPersonalPrincipal |
https://registry.shibboleth.ox.ac.uk/attribute/oakPersonalPrincipal urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.49 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakPersonalPrincipal | NONE |
| oakPrincipalIsPersonal |
https://registry.shibboleth.ox.ac.uk/attribute/oakPrincipalIsPersonal urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.50 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakPrincipalIsPersonal | NONE |
| oakUnitStatus |
https://registry.shibboleth.ox.ac.uk/attribute/oakUnitStatus urn:oid:1.3.6.1.4.1.11023.1.1.7.2.1.51 |
enc:SAML1String enc:SAML2String |
ad:Simple | oakUnitStatus | NONE |
Get support
If you cannot find the solution you need here then we have other ways to get IT support
