...

  • Description: Unique, non-recycled user identifier within eE-infrastructure CESNETINFRA AAI

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.13 (eduPersonUniqueId)

  • OIDC scope: openid

  • OIDC claim: sub

  • Multiplicity: No

  • Changes: No

  • Example value: 3e65bd2aa4c818bd3579023939b546b69e1b75ee@einfra.cesnet.cz

  • Note:

...

  • Description: User's login within eE-infrastructure CESNETINFRA AAI

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (eduPersonPrincipalName)

  • OIDC scope: profile

  • OIDC claim: preferred_username (Without scope)

  • Multiplicity: Single-valued

  • Changes: May be changed (revoked) over time (e.g. if a user changes their name). Revoked identifiers will not be reassigned.

  • Example value: josef@einfra.cesnet.cz

  • Note:

...

  • Description: A list of the groups of which the user is a member. It is connected to a service and merged with the list of groups received from the IdP.

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.7 (eduPersonEntitlement)

  • OIDC scope: eduperson_entitlement

  • OIDC claim: eduperson_entitlement

  • Multiplicity: Multi-valued

  • Changes: Can change

  • Example value: [urn:geant:cesnet.cz:group:einfra#Perun Identity and Management System - Maintenance , urn:geant:cesnet.cz:group:einfra:members#Perun Identity and Management System - Maintenance ]

  • Note:

    • More information can be found here.

User's identifiers

  • Description: A list of all of the user's eduPersonPrincipalName values (merged across all registered external identities)

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.34998.3.3.1.5

  • OIDC scope: voperson_external_id

  • OIDC claim: voperson_external_id

  • Multiplicity: Multi-valued

  • Changes: Can change

  • Example value: [cesnetLogin@cesnet.cz, googleLogin@google.extidp.cesnet.cz]

  • Note:

...

  • Description: User Email

  • SAML attribute(s): urn:oid:0.9.2342.19200300.100.1.3 (mail)

  • OIDC scope: email

  • OIDC claim: email

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: email@email.com

  • Note:

isCesnetEligibleLastSeen

  • Description: Timestamp of the user's last login with an identity that fulfils the academic-employee condition

  • SAML attribute(s): urn:cesnet:proxyidp:attribute:isCesnetEligibleLastSeen

  • OIDC scope: isCesnetEligibleLastSeen

  • OIDC claim: isCesnetEligibleLastSeen

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: 2019-07-18 07:53:37

  • Note:

Offline access

  • Description: Possibility to release a refresh token

  • SAML attribute(s): -

  • OIDC scope: offline_access

  • OIDC claim: offline_access

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: true

  • Note:

...