Versions Compared

Old Version 11

changes.mady.by.user Christian Sprajc

Saved on

compared with

New Version 12

changes.mady.by.user Christian Sprajc

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: zurückgeholt von v. 10

Attribute mapping

(info) = Mandatory attribute to validate an shibboleth login / session.

...

Shibboleth.AttributePowerFolder.FieldPurposeExternal links

Shib-Session-ID

-(info) Must be set for authenticating a valid Shibboleth session

persistent-id

(warning) Deprecated: uniqueID

Account.shibbolethPersistentID(info) Persistent external ID for retrieving/matching an existing PowerFolder account

eduPersonPrincipalName or

(warning) Deprecated:

eppn and or EPPN

Account.username(info) Persistent, external, unique username for retrieving an existing account

mail (warning) Deprecated: or email

Account.emails

(info) Email address(es) of user. Multiple mail address should be separated by

; (semicolon). Matches existing PowerFolder accounts unless turned off in config:

shibboleth.accounts.match_email=false
(warning) Deprecated:

scopedUsername and or

bwScopedUsername

Account.username

Persistent, external, unique username for retrieving an existing account

(warning) Obsolete. Will be removed in the future

 

givenName

Account.firstnameGiven name of the user

surname (warning) Deprecated: or sn

 Account.surnameSurname of the user

o or

(attribute name as in config)

Account.organization and

Account.custom2

Organization (name) of user.

Auto-creates organizations within PowerFolder unless turned off in config:

shibboleth.create.organizations=false

Organization attribute name can be alternated by config:

shibboleth.organizations.attribute=customOrgAttrib

affiliation or

eduPersonScopedAffiliation

(warning) Deprecated: affiliation

 Account.custom1 Affiliation of user

entitlement or

eduPersonEntitlement(warning) Deprecated: entitlement

-

Must match the entitlement value if set in PowerFolder config:

shibboleth.entitlement=http://example.entitlement

(by default no entitlement value is set, which means disabled entitlement check)

(info) The entitlement attribute is optional and should only be set, if it's sent/used by the IdP.

REMOTE_USERAccount.username(question) (warning) Obsolete? Persistent external username for retrieving an account 

...