Attribute Release Test
You can test the attribute release of your Higher Education Institution at: https://myacademicid.devtest.eduteams.org/sp/
MyAcademicID SAML Entity:
Property | Value |
---|---|
Entity ID | https://proxy.prod.erasmus.eduteams.org/metadata/backend.xml |
Display Name | MyAcademicID IAM Service |
The purpose of the processing operation is to enable students and faculty of Higher Education Institutions (HEIs) to identify and authenticate themselves to the Services of the European Student Card Initiative and those directly supporting the digitisation of Erasmus+. These services are operated by the European University Foundation (EUF), which supports and enable the student mobility process.
The following attributes are requested:
Attribute | Explanation |
---|---|
Any of:
| The services requires to uniquely identify users throughout the student mobility process. Without some kind of unique identifier, it is not possible to distinguish between two different users. *: The |
eduPersonAssurance | The eduPersonAssurance attribute is required in the case an IdP releases only eduPersonPrincipalName as an identifier and the IdP does not support the Research and Scholarship entity category. In this case, if eduPersonArrusance has a value of value of https://refeds.org/assurance/ID/eppn-unique-no-reassign, in order to be able to use eduPersonPrincipalName as an identifier. |
| The Erasmus process needs to know the name of the person participating in the student mobility process. |
| The service needs to be able to contact the user regarding the status of student mobility process. |
schacPersonalUniqueCode | The student mobility processes require the use of a number of services, all of which are involved in different stages of the pipeline and which will need to be able to exchange data about the students who are in mobility. The European Student Identifier (ESI) is globally unique, persistent, non-targeted, protocol neutral and data transport neutral. In SAML, the ESI is transported in the |
schacHomeOrganization | The student mobility processes need the to identify the Home Institution from which the user is coming from. |
| The student mobility processes rely on authorising access to users based on the affiliation of their members in their home organisation. |
eduPersonEntitlment | The service relies on this attribute to authorise users as EWP Administrators. The expected value for the EWP Admin role is: urn:geant:erasmuswithoutpaper.eu:ewp:admin For more information read EWP Admin Role |
SAML Attribute Names
SAML Attributes MUST be sent using urn:oasis:names:tc:SAML:2.0:attrname-format:uri
NameFormat. Below is the list of the canonical names of the SAML attributes:
SAML Attribute Name | SAML Attribute Friendly Name |
---|---|
urn:oasis:names:tc:SAML:attribute:subject-id | subject-id |
urn:oasis:names:tc:SAML:attribute:pairwise-id | pairwise-id |
urn:oid:0.9.2342.19200300.100.1.3 | |
urn:oid:1.3.6.1.4.1.25178.1.2.14 | schacPersonalUniqueCode |
urn:oid:1.3.6.1.4.1.25178.1.2.9 | schacHomeOrganization |
urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | eduPersonEntitlement |
urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName |
| eduPersonScopedAffiliation |
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | eduPersonTargetedID |
urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | eduPersonAssurance |
urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | eduPersonUniqueId |
urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | eduPersonOrcid |
urn:oid:2.5.4.3 | cn |
urn:oid:2.5.4.4 | surname |
urn:oid:2.5.4.42 | givenName |
urn:oid:2.16.840.1.113730.3.1.241 | displayName |