SAML Attribute Release Guidelines

For many SAML-enabled sites to allow a user to access protected materials, certain information about the user must be provided. Some sites need to know name, e-mail address, or a specific entitlement (WCU handles entitlement through AD Group memberships). Some others merely want to know whether the user is WCU faculty, staff, or student, and don’t depend upon the particular identity of the user in question — only that WCU is willing to vouch for them. 

Default Attribute Release

To simplify the attribute release, we have implemented the default attribute release for qualified Service Providers (SPs). The blanket attribute release includes the following attributes:

Attribute Description/Example
uid WCUPA Username, 75fbook
eduPersonPrincipalName WCUPA,
mail or
givenName First Name, Fred
sn surname/LastName, Book
displayName Last, First Name, Book, Fred T.
eduPersonAffiliation employee or student


  • These are the default attributes for all Incommon Service Providers.
  • Any other attributes that need to be released should be processed through:
  • Warning: Do not use the mail attribute as the identifier for the account.


Back to top of page.