SAML Attribute Release Guidelines

Many SAML-enabled sites require certain information about a user before they allow access to protected materials. Some sites need to know name, e-mail address, or a specific entitlement (WCU handles entitlement through AD Group memberships). Others merely want to know whether the user is WCU faculty, staff, or student, and don't depend upon the particular identity of the user in question, only that WCU is willing to vouch for them.

Default Attribute Release

To simplify attribute release, we have implemented a default attribute release for qualified Service Providers (SPs). This blanket release includes the following attributes:

Attribute                     Description/Example
uid                           WCUPA Username, 75fbook
eduPersonPrincipalName        WCUPA User+@wcupa.edu, fbook@wcupa.edu
mail                          fbook@wcupa.edu or fb123456@wcupa.edu
givenName                     First Name, Fred
sn                            surname/LastName, Book
displayName                   Last, First Name, Book, Fred T.
eduPersonAffiliation          employee or student
eduPersonScopedAffiliation    employee@wcupa.edu

Notes

  • These are the default attributes for all InCommon Service Providers.
  • Any other attributes that need to be released should be processed through:
  • Warning: Do not use the mail attribute as the identifier for the account.
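
An added example (not WCU's or any Service Provider's own code) of how an SP could honor the warning above: accounts are looked up by a scoped identifier, and mail is kept only as contact data. It assumes eduPersonPrincipalName is the stable key, which this page does not specify, and that attributes arrive as a dict of name to list of values; `resolve_account`, `single` and the sample logins are hypothetical.

```python
EXPECTED_SCOPE = "wcupa.edu"  # scope shown in the attribute table


class RejectedAssertion(Exception):
    """Released attributes are not usable for account linking."""


def single(attrs, name):
    """Return the one value of a single-valued attribute, or reject."""
    values = attrs.get(name, [])
    if len(values) != 1 or not values[0].strip():
        raise RejectedAssertion(f"{name}: expected exactly one value")
    return values[0].strip()


def resolve_account(attrs, accounts):
    """Find or create the local account for one login (hypothetical helper).

    Assumption: eduPersonPrincipalName is the stable key. mail is stored as
    contact data and refreshed on each login, but never used for lookup.
    """
    eppn = single(attrs, "eduPersonPrincipalName").lower()
    user, _, scope = eppn.rpartition("@")
    if not user or scope != EXPECTED_SCOPE:
        raise RejectedAssertion("eduPersonPrincipalName: unexpected scope")
    profile = accounts.setdefault(eppn, {})
    profile["mail"] = single(attrs, "mail")
    profile["affiliations"] = sorted(attrs.get("eduPersonAffiliation", []))
    return eppn


# Constructed logins: the same person, with mail in the two forms the table lists.
LOGIN_A = {"eduPersonPrincipalName": ["fbook@wcupa.edu"],
           "mail": ["fbook@wcupa.edu"], "eduPersonAffiliation": ["employee"]}
LOGIN_B = {"eduPersonPrincipalName": ["fbook@wcupa.edu"],
           "mail": ["fb123456@wcupa.edu"], "eduPersonAffiliation": ["employee"]}
# Constructed: a principal name whose scope is not the expected one.
WRONG_SCOPE = {"eduPersonPrincipalName": ["fbook@example.org"],
               "mail": ["fbook@wcupa.edu"]}

if __name__ == "__main__":
    accounts = {}
    print(resolve_account(LOGIN_A, accounts), resolve_account(LOGIN_B, accounts))
    print(len(accounts), accounts["fbook@wcupa.edu"]["mail"])
    try:
        resolve_account(WRONG_SCOPE, accounts)
    except RejectedAssertion as exc:
        print("rejected:", exc)
```

Both constructed logins resolve to one account even though mail differs between them; a lookup keyed on mail would have created two.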

 
