...

The following attributes are requested:

| Attribute | Explanation |
|---|---|
| Any of: Persistent NameID, eduPersonPrincipalName*, eduPersonTargetedID, eduPersonUniqueId, eduPersonOrcid, subject-id, pairwise-id | The service needs to uniquely identify users throughout the student mobility process. Without some kind of unique identifier, it is not possible to distinguish between two different users. |
| eduPersonAssurance | The eduPersonAssurance attribute is required when an IdP releases only eduPersonPrincipalName as an identifier and the IdP does not support the Research and Scholarship entity category. In this case, eduPersonAssurance must have a value of https://refeds.org/assurance/ID/eppn-unique-no-reassign in order for eduPersonPrincipalName to be usable as an identifier. |
| Any of: cn, displayName, sn + givenName | The Erasmus process needs to know the name of the person participating in the student mobility process. |
| mail | The service needs to be able to contact the user regarding the status of the student mobility process. |
| schacPersonalUniqueCode | The student mobility processes require the use of a number of services, all of which are involved in different stages of the pipeline and which will need to be able to exchange data about the students who are in mobility. The European Student Identifier (ESI) is globally unique, persistent, non-targeted, protocol neutral and data transport neutral. In SAML, the ESI is transported in the schacPersonalUniqueCode attribute (as defined in the SCHema for Academia). Currently, support for the ESI is being rolled out in Higher Education Institutions around Europe. If your HEI already supports the ESI, you can release it to the ERASMUS SP Proxy using this attribute. |
| schacHomeOrganization | The student mobility processes need to identify the Home Institution from which the user is coming. |
| eduPersonScopedAffiliation | The student mobility processes rely on authorising access to users based on the affiliation of their members in their home organisation. |

*: The eduPersonPrincipalName can be used only if one of the following conditions is met: i) the IdP supports the R&S Entity Category, ii) the eduPersonAssurance attribute is also released and it has a value of https://refeds.org/assurance/ID/eppn-unique-no-reassign, iii) the federation in which the IdP is registered has a policy that prohibits the reassignment of the value of the eduPersonPrincipalName attribute.

...

SAML Attribute Names

SAML Attributes MUST be sent using urn:oasis:names:tc:SAML:2.0:attrname-format:uri NameFormat. Below is the list of the canonical names of the SAML attributes:

| SAML Attribute Name | SAML Attribute Friendly Name |
|---|---|
| urn:oasis:names:tc:SAML:attribute:subject-id | subject-id |
| urn:oasis:names:tc:SAML:attribute:pairwise-id | pairwise-id |
| urn:oid:0.9.2342.19200300.100.1.3 | email |
| urn:oid:1.3.6.1.4.1.25178.1.2.9 | schacHomeOrganization |
| urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName |
| urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation |
| urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | eduPersonTargetedID |
| urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | eduPersonAssurance |
| urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | eduPersonUniqueId |
| urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | eduPersonOrcid |
| urn:oid:2.5.4.3 | cn |
| urn:oid:2.5.4.4 | surname |
| urn:oid:2.5.4.42 | givenName |
| urn:oid:2.16.840.1.113730.3.1.241 | displayName |
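
The identifier rules from the requested-attributes list, including the conditions on eduPersonPrincipalName, written as a check over a received attribute set. This is an added example, not code from the ERASMUS SP Proxy. The function names, the identifier preference order, the boolean IdP flags, and treating mail, schacHomeOrganization and eduPersonScopedAffiliation as mandatory are assumptions of this example.

```python
# Added example; attribute names are the canonical URNs listed on this page.
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
ASSURANCE = "urn:oid:1.3.6.1.4.1.5923.1.1.1.11"
EPPN_NO_REASSIGN = "https://refeds.org/assurance/ID/eppn-unique-no-reassign"
# Identifiers usable without extra conditions. The preference order is an
# assumption of this example; the page only says "any of".
UNCONDITIONAL_IDS = [
    "urn:oasis:names:tc:SAML:attribute:subject-id",
    "urn:oasis:names:tc:SAML:attribute:pairwise-id",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.13",  # eduPersonUniqueId
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",  # eduPersonTargetedID
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.16",  # eduPersonOrcid
]
CN, SN, GIVEN = "urn:oid:2.5.4.3", "urn:oid:2.5.4.4", "urn:oid:2.5.4.42"
DISPLAY = "urn:oid:2.16.840.1.113730.3.1.241"
SINGLE = {"mail": "urn:oid:0.9.2342.19200300.100.1.3",
          "schacHomeOrganization": "urn:oid:1.3.6.1.4.1.25178.1.2.9",
          "eduPersonScopedAffiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"}
# Constructed sample: an IdP that releases ePPN as its only identifier.
SAMPLE = {EPPN: ["alice@example.edu"], CN: ["Alice Example"],
          SINGLE["mail"]: ["alice@example.edu"]}


def pick_identifier(attrs, persistent_nameid=None, idp_supports_rs=False,
                    federation_forbids_eppn_reassign=False):
    """Return (source, value) for the user's unique identifier, or None."""
    if persistent_nameid:
        return ("persistent-nameid", persistent_nameid)
    for name in UNCONDITIONAL_IDS:
        if attrs.get(name):
            return (name, attrs[name][0])
    # ePPN is accepted only when one of the three footnote conditions holds.
    eppn_ok = (idp_supports_rs or federation_forbids_eppn_reassign
               or EPPN_NO_REASSIGN in attrs.get(ASSURANCE, []))
    if attrs.get(EPPN) and eppn_ok:
        return (EPPN, attrs[EPPN][0])
    return None


def missing_attributes(attrs, **idp):
    """List the requested items this release does not satisfy."""
    missing = []
    if pick_identifier(attrs, **idp) is None:
        missing.append("unique identifier")
    if not (attrs.get(CN) or attrs.get(DISPLAY)
            or (attrs.get(SN) and attrs.get(GIVEN))):
        missing.append("name")
    missing += [n for n, urn in SINGLE.items() if not attrs.get(urn)]
    return missing
```

With `SAMPLE`, the ePPN is rejected as an identifier until the IdP also releases eduPersonAssurance with the `eppn-unique-no-reassign` value or one of the two IdP flags is set.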