Shibboleth Attribute Reference

In order of popularity

This document contains information about the most popular user attributes here at the University. Other attributes are available, so if you don’t see what you’re looking for, contact the Identity Management Team ([email protected]).

Attribute Availability

In some cases, users may have suppressed some or all of their directory information from public view. Faculty and staff members of the University of Minnesota may only suppress their home address and phone number, while students may suppress all of their information. As required by University policy and certain regulations such as FERPA, an Access Request Form (ARF) is required to obtain certain attribute values from the user directory.

Multi-Value Attributes

Some attributes may contain more than one value. Usually, each individual datum is delimited by a character (i.e., a semicolon), but this depends on the SAML software being used by the individual service provider (SP). Such attributes are marked as multi-valued in the tables below.

Common Use Cases

1. I want to be able to email the user
   ○ Helpful Attributes: mail, displayName, givenName, surname, title
2. I want to be able to determine the user’s campus affiliation
   ○ Helpful Attributes: eduPersonAffiliation
3. I want to be able to determine the user’s role
   ○ Helpful Attributes: isGuest, umnPersonType, umnRole

displayName, eduPersonAffiliation, eduPersonPrincipalName, facsimileTelephoneNumber, givenName, homePhone, homePostalAddress, initials, isGuest, isMemberOf, mail, preferredRfc822Originator, preferredRfc822Recipient, surname (sn), telephoneNumber, title, uid, umnAcademicClass, umnBusinessAddress, umnCampusMail, umnDID, umnDisplayMail, umnEmplID, umnJobSummary, umnLibAccess, umnLibUserType, umnOfficeAddress1, umnOfficialNameNoCount, umnPatronID, umnPersonType, umnPhone2, umnRole, umnUCard, umnUMRptAccess

displayName
The name(s) that should appear in directory search applications for this person. Based on the person's PreferredName from PeopleSoft. This attribute is exposed from LDAP via Shibboleth as-is.

Attribute Details
SAML2 friendlyName: displayName
SAML2 name: urn:oid:2.16.840.1.113730.3.1.241
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): Joseph Student
Availability: ARF required
Internet2 EduPerson Reference

eduPersonAffiliation
Specifies the person's relationship(s) to the institution in broad categories (student, faculty, etc).

Attribute Details
SAML2 friendlyName: eduPersonAffiliation
SAML2 name: urn:oid:1.3.6.1.4.1.5923.1.1.1.1
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): Member, Student
Availability: ARF required
Internet2 EduPerson Reference

eduPersonPrincipalName
Fully-qualified username ([email protected]) but not necessarily the user’s published email address.

Attribute Details
SAML2 friendlyName: eduPersonPrincipalName
SAML2 name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
SAML2 type: SAML2ScopedString
Multiple Values: No
Example Value(s): [email protected]
Availability: Included in default set
Internet2 EduPerson Reference

facsimileTelephoneNumber
Contains telephone numbers (and, optionally, the parameters) for facsimile (fax) terminals. Each telephone number is one value of this multi-valued attribute.

Attribute Details
SAML2 friendlyName: facsimileTelephoneNumber
SAML2 name: urn:oid:2.5.4.23
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): +1 608-555-1212
Availability: Not included in default set; no ARF required
Internet2 EduPerson Reference

givenName
The user’s first name; based on the PreferredName from the individual’s PeopleSoft record, if present. At the University, individuals have the opportunity to specify a name that may differ from their legal or ‘primary’ name.

Attribute Details
SAML2 friendlyName: givenName
SAML2 name: urn:oid:2.5.4.42
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): Joseph
Availability: ARF required
Internet2 EduPerson Reference

homePhone
Specifies a home telephone number associated with the individual (e.g., +1 608 555 1212).

Attribute Details
SAML2 friendlyName: homePhone
SAML2 name: urn:oid:0.9.2342.19200300.100.1.20
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): +1 608-555-1212
Availability: ARF required
Internet2 EduPerson Reference

homePostalAddress
Specifies a home postal address for an individual (up to 6 lines of 30 characters each).

Attribute Details
SAML2 friendlyName: homePostalAddress
SAML2 name: urn:oid:0.9.2342.19200300.100.1.39
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): 123 Main Street North $ Minneapolis, MN 55415-1234
Availability: ARF required
Internet2 EduPerson Reference

initials
The user's middle initials (that is, not including the user’s given name and surname).

Attribute Details
SAML2 friendlyName: initials
SAML2 name: urn:oid:2.5.4.43
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): GT
Availability: ARF required
Internet2 EduPerson Reference

isGuest
Boolean that indicates whether the user account is a guest.

Attribute Details
SAML2 friendlyName: isGuest
SAML2 name: https://www.umn.edu/shibboleth/attributes/isGuest
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): TRUE
Availability: Included in default set

isMemberOf
The isMemberOf attribute contains a value for each group the user belongs to.

Attribute Details
SAML2 friendlyName: isMemberOf
SAML2 name: urn:oid:1.3.6.1.4.1.5923.1.5.1.1
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): cn=umn:oit:webtarget:umreports,ou=Groups,o=University of Minnesota ,c=US
Availability: ARF required

mail
Contains a value for each of the user's email addresses; though multi-valued, there is often only one value. Preferred address for the "to:" field of email to be sent to this person.

Attribute Details
SAML2 friendlyName: mail
SAML2 name: urn:oid:0.9.2342.19200300.100.1.3
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): [email protected]
Availability: ARF required
Internet2 EduPerson Reference

preferredRfc822Originator
The preferredRfc822Originator attribute contains the canonical From address and is not necessarily the same as the DisplayMail address; it might include things such as the email hostname, for example, but often doesn’t anymore.

Attribute Details
SAML2 friendlyName: preferredRfc822Originator
SAML2 name: https://www.umn.edu/shibboleth/attributes/preferredRfc822Originator
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): [email protected]
Availability: ARF required

preferredRfc822Recipient
The preferredRfc822Recipient attribute contains the user’s primary forwarding e-mail address, which may or may not be the same as the DisplayMail address.

Attribute Details
SAML2 friendlyName: preferredRfc822Recipient
SAML2 name: https://www.umn.edu/shibboleth/attributes/preferredRfc822Recipient
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): username@g-mx.umn.edu
Availability: ARF required

surname (sn)
The user’s last name; based on the PreferredName from the individual’s PeopleSoft record, if present.

Attribute Details
SAML2 friendlyName: surname
SAML2 name: urn:oid:2.5.4.4
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): Jones
Availability: ARF required
Internet2 EduPerson Reference

telephoneNumber
The user’s office/campus phone number (e.g., +1 608 555 1212).

Attribute Details
SAML2 friendlyName: mail
SAML2 name: urn:oid:2.5.4.20
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): +1 612-625-5000
Availability: ARF required
Internet2 EduPerson Reference

title
The title of a person in their organizational context. Each title is one value of this multi-valued attribute.

Attribute Details
SAML2 friendlyName: title
SAML2 name: urn:oid:2.5.4.12
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): Bus/Sys Anlst
Availability: ARF required
Internet2 EduPerson Reference

uid
User login name (e.g., user1234); it can be changed under certain circumstances at the University by a name change request from the user.

Attribute Details
SAML2 friendlyName: uid
SAML2 name: urn:oid:0.9.2342.19200300.100.1.1
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): john1234
Availability: Included in default set
Internet2 EduPerson Reference

umnAcademicClass
If the individual is enrolled in UMN courses, this attribute displays the type of degree program.

Attribute Details
SAML2 friendlyName: umnAcademicClass
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnAcademicClass
SAML2 type: SAML2String
Multiple Values:
Example Value(s): Non-degree, Freshman
Availability: ARF required

umnBusinessAddress
This is typically an on-campus work address, such as a healthcare provider’s clinic address.

Attribute Details
SAML2 friendlyName: umnBusinessAddress
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnBusinessAddress
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): 123 Main Street North $ Minneapolis, MN 55415-1234
Availability: ARF required

umnCampusMail
The campus mail address of the individual, but not necessarily the location of the individual’s on-campus office. Note: the alphanumeric string on the third line corresponds to the Campus Mail Code.

Attribute Details
SAML2 friendlyName: umnCampusMail
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnCampusMail
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): Ofc of Information Technology $ Room 660 WBOB $ 7531A $ 1300 S 2nd St $ Minneapolis, MN 55454
Availability: ARF required

umnDID
The internal directory ID for a given user; an alternate unique identifier for an account (example?).

Attribute Details
SAML2 friendlyName: umnDID
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnDID
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): 3c8hyy463
Availability: Included in default set

umnDisplayMail
The individual’s ‘official UMN’ email address that is displayed in the directory. The account may forward to another (non-UMN) email account.

Attribute Details
SAML2 friendlyName: umnDisplayMail
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnDisplayMail
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): [email protected]
Availability: ARF required

umnEmplID
The user’s Employee ID (or EmplID, StudentID in the case of students) from PeopleSoft.

Attribute Details
SAML2 friendlyName: umnEmplId
SAML2 name: urn:oid:2.16.840.1.113730.3.1.3
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): 0123456
Availability: ARF required

umnJobSummary
A delimited string that returns information about an individual's appointment(s), including department code, pay code, appointment status, location, etc. This attribute provides the most detailed information about an individual’s job status at the University.

Attribute Details
SAML2 friendlyName: umnJobSummary
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnJobSummary
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): 801A:0000:8639ZN:A:FER:TCEASTBANK:40.00::Information Technology ,Ofc of:Bus/Sys Anlst 2 No Entry:10068:OITXX:P:Z0437:
Availability: ARF required

umnLibAccess
The umnLibAccess attribute contains library access flags assigned to the user.

Attribute Details
SAML2 friendlyName: umnLibAccess
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnLibAccess
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): 2
Availability: ARF required

umnLibUserType
Describes the type of library access an individual has, which could include multiple types.

Attribute Details
SAML2 friendlyName: umnLibUserType
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnLibUserType
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): IMNU:48
Availability: ARF required

umnOfficeAddress1
The individual’s primary campus address.

Attribute Details
SAML2 friendlyName: umnOfficeAddress1
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnOfficeAddress1
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): Ofc of Information Technology $ Room 209E WBOB $ 1300 S 2nd St $ Minneapolis, MN 55454
Availability: ARF required

umnOfficialNameNoCount
The individual’s Preferred Name from PeopleSoft without the incremental digit suffix.

Attribute Details
SAML2 friendlyName: umnOfficialNameNoCount
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnOfficialNameNoCount
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): User J Userson
Availability: ARF required

umnPatronID
Contains the user’s UMN Library Card Number.

Attribute Details
SAML2 friendlyName: umnPatronID
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnPatromID
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): 2UCSA1010410ZBY
Availability: ARF required

umnPersonType
User's classification at the University as student, staff, alumni, etc. This attribute is the most general in terms of describing an individual’s job or registration status.

Attribute Details
SAML2 friendlyName: umnPersonType
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnPersonType
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): Degree
Availability: ARF required

umnPhone2
An alternate campus phone number.

Attribute Details
SAML2 friendlyName: umnPhone2
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnPhone2
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): +1 608-555-1212
Availability: ARF required

umnRole
This attribute provides more detailed information about an individual’s job or registration status. A multi-segmented string containing campus affiliation, guest status, college/dept code, etc.

Attribute Details
SAML2 friendlyName: umnRole
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnRole
SAML2 type: SAML2String
Multiple Values: Yes
Example Value(s): tc.staff.oit.801A.8639ZN
Availability: ARF required

umnUCard
The individual’s 17-digit UCard number.

Attribute Details
SAML2 friendlyName: umnUCard
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnUCard
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): 60095340148883762
Availability: ARF required

umnUMRptAccess
Boolean indicating whether the user has access to UM Reports.

Attribute Details
SAML2 friendlyName: umnUMRptAccess
SAML2 name: https://www.umn.edu/shibboleth/attributes/umnUMRptAccess
SAML2 type: SAML2String
Multiple Values: No
Example Value(s): FALSE
Availability: ARF required
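
An added example (not part of the original reference or any University code) of consuming the delimited multi-valued attributes and the TRUE/FALSE string attributes described above in an SP-side authorization check. It assumes the SP joins multiple values with ';' and escapes a literal ';' as '\;', as the Shibboleth SP does; the function names, the `umreports-archive` and `staff` groups and the sample users are constructed for illustration.

```python
import re

# Assumption: the SP joins multiple values with ';' and escapes a literal ';'
# inside a value as '\;' (Shibboleth SP convention; other SAML software differs).
_UNESCAPED_SEMICOLON = re.compile(r"(?<!\\);")

def split_values(raw):
    """Split a delimited multi-valued attribute into its individual values."""
    if not raw:
        return []
    return [v.replace("\\;", ";") for v in _UNESCAPED_SEMICOLON.split(raw) if v]

def parse_flag(raw):
    """isGuest and umnUMRptAccess are SAML2String 'TRUE'/'FALSE', not booleans."""
    value = (raw or "").strip().upper()
    if value not in ("TRUE", "FALSE"):
        raise ValueError("unexpected flag value: %r" % (raw,))
    return value == "TRUE"

def may_view_reports(attrs, required_group):
    """Allow only non-guests whose isMemberOf contains required_group exactly."""
    try:
        if parse_flag(attrs.get("isGuest")):
            return False
    except ValueError:
        return False  # missing or malformed attribute: fail closed
    return required_group in split_values(attrs.get("isMemberOf"))

# Constructed sample data, modelled on the example values in this reference.
SUFFIX = ",ou=Groups,o=University of Minnesota ,c=US"
REPORTS = "cn=umn:oit:webtarget:umreports" + SUFFIX
LOOKALIKE = "cn=umn:oit:webtarget:umreports-archive" + SUFFIX  # hypothetical group
STAFF = "cn=umn:oit:staff" + SUFFIX                            # hypothetical group

member = {"isGuest": "FALSE", "isMemberOf": STAFF + ";" + REPORTS}
near_miss = {"isGuest": "FALSE", "isMemberOf": STAFF + ";" + LOOKALIKE}
guest = {"isGuest": "TRUE", "isMemberOf": REPORTS}

if __name__ == "__main__":
    for name, attrs in (("member", member), ("near_miss", near_miss), ("guest", guest)):
        print(name, may_view_reports(attrs, REPORTS))
    # A substring test would wrongly accept the look-alike group:
    print("naive substring on near_miss:", "umreports" in near_miss["isMemberOf"])
    # bool("FALSE") is True, so testing the raw string treats every user as a guest.
    print("bool('FALSE'):", bool("FALSE"))
```

Group names are compared as whole values after splitting, so a group whose name merely contains the required one does not grant access, and a missing or malformed isGuest denies access.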