Lehigh's SSO SAML2 Identity Provider (IDP) automatically maps the account attributes that are shared with the service provider (SP) when you authenticate and log in. Here are the default mappings and some examples.

Attribute Name | English Name | Example |
---|---|---|
urn:oid:0.9.2342.19200300.100.1.1 | username | x057 |
urn:oid:0.9.2342.19200300.100.1.3 | email address | x057@lehigh.edu |
urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eppn or eduPersonPrincipalName | x057@lehigh.edu |
urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | eduPersonEntitlement | urn:mace:dir:entitlement:common-lib-terms |
urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation | alum, employee, member, staff, faculty, student, affiliate, library-walk-in (note 1) |
urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | eduPersonPrimaryAffiliation | staff |
urn:oid:2.5.4.3 | commonName | Test Account |
urn:oid:2.16.840.1.113730.3.1.241 | displayName | Test Account |
urn:oid:2.5.4.4 | Last Name (sn or surname) | Account |
urn:oid:2.5.4.42 | First Name (givenName) | Test |
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | eduPersonTargetedID | dffd47824f4baccd481469fa428231f1f6e04 |
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation | alum@lehigh.edu, staff@lehigh.edu, student@lehigh.edu |
1.3.6.1.4.1.5923.1.1.1.16 | eduPersonOrcid | http://orcid.org/0000-0002-1825-0097 (note 2) |

Notes:

1. Library-walk-in isn't currently used at Lehigh.
2. eduPersonOrcid isn't currently included in our attributes.

A good discussion of the attributes and their mapping and usage can be found in the REFEDS eduPerson standard.
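
An added example (not Lehigh's code) of how an SP might consume the attributes in the table above: it maps the OID names to friendly names, keeps multi-valued attributes as lists, and goes one step beyond the table by rejecting scoped values whose scope is not `lehigh.edu`. It assumes the `AttributeStatement` comes from an assertion whose signature your SAML library has already verified; `map_attributes`, the subset of mappings and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_SCOPE = "lehigh.edu"  # scope seen in the table's example values

# OID-to-name mappings copied from the table (subset an SP might consume).
OID_NAMES = {
    "urn:oid:0.9.2342.19200300.100.1.1": "username",
    "urn:oid:0.9.2342.19200300.100.1.3": "email",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
}
SCOPED = {"eduPersonPrincipalName", "eduPersonScopedAffiliation"}

def map_attributes(statement_xml):
    """Return ({friendly_name: [values]}, [(name, rejected_value), ...])."""
    root = ET.fromstring(statement_xml)
    attrs, rejected = {}, []
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        name = OID_NAMES.get(attr.get("Name"))
        if name is None:
            continue  # ignore attributes this SP does not consume
        for node in attr.findall("saml:AttributeValue", SAML_NS):
            value = (node.text or "").strip()
            local, sep, scope = value.rpartition("@")
            if name in SCOPED and (not sep or not local
                                   or scope.lower() != EXPECTED_SCOPE):
                rejected.append((name, value))  # wrong or missing scope
                continue
            attrs.setdefault(name, []).append(value)
    return attrs, rejected

# Constructed sample statement; staff@example.org is a deliberately bad scope.
_A = '<saml:Attribute Name="urn:oid:%s">%s</saml:Attribute>'
_V = "<saml:AttributeValue>%s</saml:AttributeValue>"
SAMPLE = (
    '<saml:AttributeStatement xmlns:saml="%s">' % SAML_NS["saml"]
    + _A % ("0.9.2342.19200300.100.1.1", _V % "x057")
    + _A % ("1.3.6.1.4.1.5923.1.1.1.6", _V % "x057@lehigh.edu")
    + _A % ("1.3.6.1.4.1.5923.1.1.1.9",
            _V % "staff@lehigh.edu" + _V % "student@lehigh.edu"
            + _V % "staff@example.org")
    + "</saml:AttributeStatement>"
)

if __name__ == "__main__":
    mapped, bad = map_attributes(SAMPLE)
    print(mapped)
    print("rejected:", bad)
```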