Versions Compared

Old Version 10

changes.mady.by.user Christian Sprajc

Saved on

compared with

New Version 11

changes.mady.by.user Christian Sprajc

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attribute mapping

(info) = Mandatory attribute to validate an shibboleth login / session.

...

Shibboleth.AttributePowerFolder.FieldPurposeExternal links

Shib-Session-ID

-(info) Must be set for authenticating a valid Shibboleth session

persistent-id

(warning) Deprecated: uniqueID

Account.shibbolethPersistentID(info) Persistent external ID for retrieving/matching an existing PowerFolder account

eduPersonPrincipalName or

(warning) Deprecated:

eppn or and EPPN

Account.username(info) Persistent, external, unique username for retrieving an existing account

mail or

(warning) Deprecated: email

Account.emails

(info) Email address(es) of user. Multiple mail address should be separated by

; (semicolon). Matches existing PowerFolder accounts unless turned off in config:

shibboleth.accounts.match_email=false

(warning) Deprecated:

scopedUsername or and

bwScopedUsername

Account.username

Persistent, external, unique username for retrieving an existing account(warning) Obsolete. Will be removed in the future

 

givenName

Account.firstnameGiven name of the user

surname or

(warning) Deprecated: sn

 Account.surnameSurname of the user

o or

(attribute name as in config)

Account.organization and

Account.custom2

Organization (name) of user.

Auto-creates organizations within PowerFolder unless turned off in config:

shibboleth.create.organizations=false

Organization attribute name can be alternated by config:

shibboleth.organizations.attribute=customOrgAttrib

eduPersonScopedAffiliation

(warning) Deprecated: affiliation or

eduPersonScopedAffiliation

 Account.custom1 Affiliation of user

eduPersonEntitlement

(warning) Deprecated: entitlement oreduPersonEntitlement

-

Must match the entitlement value if set in PowerFolder config:

shibboleth.entitlement=http://example.entitlement

(by default no entitlement value is set, which means disabled entitlement check)

(info) The entitlement attribute is optional and should only be set, if it's sent/used by the IdP.

REMOTE_USERAccount.username(question) (warning) Obsolete? Persistent external username for retrieving an account 

...