...

  • sub - a non-persistent user identifier.
  • realmName - the SAML entityID of the end-users' organisation - e.g. https://idp.hogwarts.sch.uk/openathens
  • Issuer.errorURL - where present, a URL you can send a user to when you can't let them in because of something at their end. See: The errorURL attribute and what it is for

  • eduPersonTargetedID - a persistent user identifier 
  • eduPersonScopedAffiliation - a scoped role - e.g. member@hogwarts.sch.uk 
  • derivedEduPersonAffiliation - just the role bit extracted from the thing above - e.g. member
  • derivedEduPersonScope - just the scope bit, etc - e.g. hogwarts.sch.uk 
  • One or both of these identifiers, depending on the identity provider:
      • eduPersonTargetedID - a persistent user identifier, being deprecated in many federations
      • pairwiseID - a persistent user identifier that is replacing eduPersonTargetedID

    There may be more, depending on what the identity provider is sending, but these should always show up. 
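
One way a receiving application might turn these claims into account lookup keys, as an added example that is not code from the original page. It assumes the claims arrive as a Python dict of strings after the token has been validated; the function names and sample values are constructed for illustration.

```python
# Added example. Claim names come from the list above; the dict shape is assumed.
PERSISTENT_CLAIMS = ("pairwiseID", "eduPersonTargetedID")  # preferred first

class ClaimError(ValueError):
    """Raised when the claims cannot safely identify or authorise a user."""

def _text(claims, name):
    """Return a non-empty string claim, or None if absent or malformed."""
    value = claims.get(name)
    return value.strip() if isinstance(value, str) and value.strip() else None

def account_keys(claims):
    """Candidate account keys, preferred first, namespaced by realmName.

    `sub` is never used: it is non-persistent, so it cannot key an account.
    Keys carry realmName and the claim name so a value from one organisation
    or identifier type can never match an account created under another.
    """
    realm = _text(claims, "realmName")
    if realm is None:
        raise ClaimError("realmName missing")
    keys = [(realm, name, _text(claims, name))
            for name in PERSISTENT_CLAIMS if _text(claims, name)]
    if not keys:
        raise ClaimError("no persistent identifier in claims")
    return keys

def split_scoped_affiliation(value):
    """Split 'member@hogwarts.sch.uk' into ('member', 'hogwarts.sch.uk')."""
    role, sep, scope = value.rpartition("@")
    if not sep or not role or not scope or "@" in role:
        raise ClaimError(f"malformed scoped affiliation: {value!r}")
    return role.lower(), scope.lower()

# Constructed sample claims, using the example values from the list above.
SAMPLE = {
    "sub": "constructed-session-value",
    "realmName": "https://idp.hogwarts.sch.uk/openathens",
    "eduPersonTargetedID": "constructed-targeted-id",
    "pairwiseID": "constructed-pairwise-id",
    "eduPersonScopedAffiliation": "member@hogwarts.sch.uk",
}

if __name__ == "__main__":
    print(account_keys(SAMPLE))
    print(split_scoped_affiliation(SAMPLE["eduPersonScopedAffiliation"]))
```

When both identifiers are present, looking an account up under each returned key in order lets a record stored under eduPersonTargetedID be found and re-linked to pairwiseID.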

    ...