Lehigh's SSO Identity Provider (IdP) automatically maps account attributes and shares them with the service provider (SP) when you authenticate and log in to a service using the SAML2 protocol.
Here are the default mappings, with example values:
Attribute Name | English Name | Example
---|---|---
urn:oid:0.9.2342.19200300.100.1.1 | username | x057
urn:oid:0.9.2342.19200300.100.1.3 | email address | x057@lehigh.edu
urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eppn or eduPersonPrincipalName | x057@lehigh.edu
urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | eduPersonEntitlement | urn:mace:dir:entitlement:common-lib-terms
urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation | alum, employee, member, staff, faculty, student, affiliate, library-walk-in (see note 1)
urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | eduPersonPrimaryAffiliation | staff
urn:oid:2.5.4.3 | commonName | Test Account
urn:oid:2.16.840.1.113730.3.1.241 | displayName | Test Account
urn:oid:2.5.4.4 | Last Name (sn or surname) | Account
urn:oid:2.5.4.42 | First Name (givenName) | Test
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | eduPersonTargetedID | dffd47824f4baccd481469fa428231f1f6e04
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation | alum@lehigh.edu, staff@lehigh.edu, student@lehigh.edu
urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | eduPersonOrcid | http://orcid.org/0000-0002-1825-0097 (see note 2)
Notes:
1. library-walk-in isn't currently used at Lehigh.
2. eduPersonOrcid isn't currently included in our attributes.
A good discussion of the attributes, their mapping and their usage can be found in the REFEDS eduPerson standard. The SAML Control Panel extension for Chrome and the SAML Tracer add-on for Firefox are excellent tools for debugging SAML login issues.
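As an added example (not Lehigh's own SP code), the following Python maps the OID attribute names from the table above to their friendly names from a SAML AttributeStatement and keeps only the scoped affiliations whose scope is the IdP's own domain. The AttributeStatement is a constructed sample; the `lehigh.edu` scope is taken from the table, and a real SP must validate the assertion's signature, issuer, audience and validity window before reading any attribute.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# OID -> friendly name, as listed in the attribute table above.
OID_TO_NAME = {
    "urn:oid:0.9.2342.19200300.100.1.1": "username",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": "eduPersonEntitlement",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
    "urn:oid:2.5.4.3": "commonName",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
}

# Constructed sample statement (not a real Lehigh assertion). Only read this after the
# enclosing assertion's signature, issuer, audience and validity window have been verified.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1"><saml:AttributeValue>x057</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>x057@lehigh.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
    <saml:AttributeValue>staff@lehigh.edu</saml:AttributeValue>
    <saml:AttributeValue>member@lehigh.edu</saml:AttributeValue>
    <saml:AttributeValue>staff@other.example</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def map_attributes(xml_text):
    """Return {friendly_name: [values]}; OIDs not in the table are kept under their raw Name."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        name = OID_TO_NAME.get(attr.get("Name"), attr.get("Name"))
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs


def affiliations_for_scope(attrs, scope="lehigh.edu"):
    """Keep only scoped affiliations whose scope is the IdP's own; other scopes are ignored."""
    result = set()
    for value in attrs.get("eduPersonScopedAffiliation", []):
        affiliation, _, value_scope = value.rpartition("@")
        if affiliation and value_scope.lower() == scope.lower():
            result.add(affiliation)
    return result
```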
sha256 Fingerprint=90:75:76:42:A6:13:10:5F:29:44:0E:DC:32:4C:76:D0:E2:24:3F:15:E6:80:07:4E:E3:98:20:C4:E9:51:EB:BA