Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Affiliation and scope derived from eduPersonScopedAffiliation
    • This one separates out scope and role from the single SAML attribute that contains both
    • Scope is the recommended organisation identifier in SAML
    • It is not turned on by default, but is often useful
    • A user might have several roles, but they will all have a common scope

  • Common EduPerson 
    • Set on by default for new connections
    • This one maps the four most commonly used SAML attributes to sensible claim names (targetedID, pairwise-idpairwiseID, scopedAffiliation and entitlement)

  • Extended EduPerson
    • This one maps all the less common SAML attributes and will usually not be necessary