Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Attribute: A non-empty SAML Attribute sent as a part of a SAML AttributeStatement
  • Information: Either an attribute or a set of attributes for which a transformation or combination algorithm is available to produce data for an application (ie: e-mail, affiliationname)
  • Requested information: The set of attributes or meta-attributes (such as a non-reassigned identifier or a name), that is requested by the SP by using SAML metadata, whether or not isRequired is flagged.
  • All necessary information: Set of released attributes that can provide all requested information
  • Minimal information = required information: If the tested SP has an entity category, where the minimal set is defined (such as R&S), the minimal information is the minimal set. Otherwise it is the set of attributes that can provide the subset of requested information, where isRequired="true" is set in the SP's SAML metadata.
  • Basic information: A set of attributes, including at least a persistent identifier represented by at least one of:
  • Superfluous attribute: Attribute that is sent by the IdP even though the information is not requested by the SP. Sending the same attribute in different NameFormats does not count as superfluous information. A redundant attribute does not count as superfluous information, if the source attribute(s) is/are requested. As a special case, eduPersonTargetedID is not a superfluous attribute if eduPersonPrincipalName is requested either directly via a RequestedAttribute metadata element or indirectly by declaring R&S entity category.
  • R&S requirements: According to the R&S specification, the following attributes must be provided by an R&S IdP:
  • Redundant attributes: Information that can be extracted from one or more attributes:
    • schacHomeOrganization <= eduPersonScopedAffiliation
    • schacHomeOrganization <= eduPersonPrincipalName
    • eduPersonAffiliation <= eduPersonScopedAffiliation
    • cn <= sn+givenName
    • displayName <= sn+givenName
    • cn <= displayName
    • displayName <= cn
    • as a special case, even though sn and givenName can not be reliably extracted from cn or displayName, however for EARC ranking, they are treated as redundant to both cn and displayName.
    • eduPersonTargetedID <= SAML 2.0 persistent NameID
  • Personal information: All received attributes except for
    • schacHomeOrganization
    • schacHomeOrganizationType
    • eduPersonAffiliation
    • eduPersonScopedAffiliation
    • o
    • eduPersonEntitlement with the value of "urn:mace:dir:entitlement:common-lib-terms" (other values are treated as personal attributes)


There is a simple API to query the test verdicts for all Identity Providers and for a particular one.

Query all Identity Provider Results:

Query Format: HTTP GET to



This will return all the tested Identity Providers with their basic information, test verdicts and a URL to the details page. The response is a JSON-encoded.

Query Results for one specific Identity Provider:

Query Format: HTTP GET to 

HTML IdP EntityID#


This will return information for the specific Identity Provider whose URL-encoded entityID is added to the query URL.