
This document defines the attributes available to relying services from E-INFRA AAI.

E-INFRA Identifier

  • Description: Unique, never recycled user identifier within the CESNET e-infrastructure

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.13 (eduPersonUniqueId)

  • OIDC scope: openid

  • OIDC claim: sub

  • Multiplicity: No

  • Changes: No

  • Example value: 3e65bd2aa4c818bd3579023939b546b69e1b75ee@einfra.cesnet.cz

  • Note:

E-INFRA username

  • Description: User's login within the CESNET e-infrastructure

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (eduPersonPrincipalName)

  • OIDC scope: profile

  • OIDC claim: preferred_username (Without scope)

  • Multiplicity: Single-value

  • Changes: May be changed (revoked) over time (e.g. if a user changes their name). Revoked identifiers will not be reassigned.

  • Example value: josef@einfra.cesnet.cz

  • Note:

Affiliation with E-INFRA AAI

  • Description: Specifies the person's affiliation within the E-INFRA AAI. Fixed scope '@einfra.cesnet.cz' is used after the at sign. The default value affiliate@einfra.cesnet.cz is automatically assigned.

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.9 (eduPersonScopedAffiliation)

  • OIDC scope: -

  • OIDC claim: -

  • Multiplicity: Multi-valued

  • Changes: Can change

  • Example value: affiliate@einfra.cesnet.cz

  • Note: Same for all users: affiliate@einfra.cesnet.cz

Affiliation with home organization

  • Description: One or more home organisations (such as universities, research institutions or private companies) this user is affiliated with. The syntax and semantics follow the eduPersonScopedAffiliation attribute.

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.34998.3.3.1.11

  • OIDC scope: voperson_external_affiliation

  • OIDC claim: voperson_external_affiliation

  • Multiplicity: Multi-valued

  • Changes: Can change

  • Example value: [affiliate@einfra.cesnet.cz, affiliate@google.extidp.cesnet.cz]

  • Note:

Entitlements

  • Description: A list of groups of which the user is a member. It is connected to a service and merged with the list of groups received from the IdP.

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.7 (eduPersonEntitlement)

  • OIDC scope: eduperson_entitlement

  • OIDC claim: eduperson_entitlement

  • Multiplicity: Multi-valued

  • Changes: Can change

  • Example value: [urn:geant:cesnet.cz:group:einfra#Perun Identity and Management System - Maintenance, urn:geant:cesnet.cz:group:einfra:members#Perun Identity and Management System - Maintenance]

  • Note:

    • More information can be found here.

User's identifiers

  • Description: A list of all of the user's eduPersonPrincipalName values (merged from all registered external identities)

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.34998.3.3.1.5

  • OIDC scope: voperson_external_id

  • OIDC claim: voperson_external_id

  • Multiplicity: Multi-valued

  • Changes: Can change

  • Example value: [cesnetLogin@cesnet.cz, googleLogin@google.extidp.cesnet.cz]

  • Note:

loa

  • Description: Maximum loa value across all external identities

  • SAML attribute(s): urn:oid:1.3.6.1.4.1.8057.2.1

  • OIDC scope: -

  • OIDC claim: -

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: 2

  • Note: DEPRECATED

Display Name

  • Description: User name

  • SAML attribute(s):

    • urn:oid:2.16.840.1.113730.3.1.241 (displayName)

    • urn:oid:2.5.4.3 (cn)

  • OIDC scope: profile

  • OIDC claim: name

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: Josef Novák

  • Note:

sn

  • Description: User surname

  • SAML attribute(s): urn:oid:2.5.4.4

  • OIDC scope: profile

  • OIDC claim: family_name

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: Novák

  • Note:

givenName

  • Description: User given name

  • SAML attribute(s): urn:oid:2.5.4.42 (givenName)

  • OIDC scope: profile

  • OIDC claim: given_name

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: Josef

  • Note:

mail

  • Description: User Email

  • SAML attribute(s): urn:oid:0.9.2342.19200300.100.1.3 (mail)

  • OIDC scope: email

  • OIDC claim: email

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: email@email.com

  • Note:

isCesnetEligibleLastSeen

  • Description: Timestamp of the user's last login with an identity fulfilling the condition of academic employee

  • SAML attribute(s): urn:cesnet:proxyidp:attribute:isCesnetEligibleLastSeen

  • OIDC scope: isCesnetEligibleLastSeen

  • OIDC claim: isCesnetEligibleLastSeen

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: 2019-07-18 07:53:37

  • Note:

Offline access

  • Description: Possibility to release a refresh token

  • SAML attribute(s): -

  • OIDC scope: offline_access

  • OIDC claim: offline_access

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: true

  • Note:

Access into Perun RPC API

  • Description: Possibility to access the Perun RPC API

  • SAML attribute(s): -

  • OIDC scope: perun_api

  • OIDC claim: perun_api

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: TRUE

  • Note: The value is static.

Perun Admin access

  • Description: Indicates whether the user has Perun Admin access rights.

  • SAML attribute(s): -

  • OIDC scope: perun_admin

  • OIDC claim: perun_admin

  • Multiplicity: Single-valued

  • Changes: Can change

  • Example value: TRUE

  • Note: The value is static.
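
For a relying service consuming these claims over OIDC, the sketch below (an added example, not code from E-INFRA AAI or Perun) keys the local account on `sub`, keeps `preferred_username` as a display label only, and splits the scoped affiliation and entitlement values. The function names, the returned record layout and the reading of the text after `#` as an authority suffix are assumptions; the sample claims are constructed from the example values above.

```python
EINFRA_SCOPE = "einfra.cesnet.cz"  # scope used in the page's example values

def split_scoped(value):
    """Split 'local@scope' at the last '@'; both parts must be non-empty."""
    local, sep, scope = value.rpartition("@")
    if not sep or not local or not scope:
        raise ValueError(f"not a scoped value: {value!r}")
    return local, scope.lower()

def map_claims(claims):
    """Build a local account record from E-INFRA AAI OIDC claims.

    Only `sub` keys the account: the page lists it as never changing, while
    preferred_username, name and email can all change.
    """
    sub = claims.get("sub")
    if not isinstance(sub, str) or split_scoped(sub)[1] != EINFRA_SCOPE:
        raise ValueError("sub missing or not scoped to " + EINFRA_SCOPE)
    # Assumption: the text after '#' in an entitlement is an authority suffix
    # and the group URN is the part before it.
    groups = [e.partition("#")[0] for e in claims.get("eduperson_entitlement", [])]
    affiliations = [split_scoped(a)
                    for a in claims.get("voperson_external_affiliation", [])]
    return {
        "account_key": sub,
        "login_label": claims.get("preferred_username"),  # display only
        "groups": groups,
        "affiliations": affiliations,
    }

# Constructed sample, assembled from the example values on this page.
SAMPLE_CLAIMS = {
    "sub": "3e65bd2aa4c818bd3579023939b546b69e1b75ee@einfra.cesnet.cz",
    "preferred_username": "josef@einfra.cesnet.cz",
    "eduperson_entitlement": [
        "urn:geant:cesnet.cz:group:einfra#Perun Identity and Management System - Maintenance",
        "urn:geant:cesnet.cz:group:einfra:members#Perun Identity and Management System - Maintenance",
    ],
    "voperson_external_affiliation": [
        "affiliate@einfra.cesnet.cz",
        "affiliate@google.extidp.cesnet.cz",
    ],
}

if __name__ == "__main__":
    print(map_claims(SAMPLE_CLAIMS))
```

Because the account key ignores `preferred_username`, a user whose login is revoked and replaced still maps to the same local account.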
