Explanation of attributes
Attributes contain systematically stored information on virtual identities such as email addresses, names or roles. RWTH Single Sign-On as the central authentication service of Identity Management passes on attributes to connected services. Services are required to request only the attributes that are really necessary for authentication.
The following table provides an overview of all attributes that can be transferred to the individual service providers via Shibboleth:
| Attribute | Technical name | Description |
|---|---|---|
| Academic degrees post name | rwthDegreePost (urn:oid:1.3.6.1.4.1.5540.2.1.131) | Academic degrees post name |
| Academic degrees pre name | rwthDegreePre (urn:oid:1.3.6.1.4.1.5540.2.1.132) | Academic degrees pre name |
| Address: Place of residence | l (urn:oid:2.5.4.7) | Place of residence |
| Address: Postal code | postalCode (urn:oid:2.5.4.17) | Postal code of the place of residence |
| Address: Street | street (urn:oid:2.5.4.9) | Street of the place of residence including the house number |
| Address: Supplement | rwthAddressSupplement (urn:oid:1.3.6.1.4.1.5540.2.1.51) | Address supplement like c/o, apartement number |
| Affiliation (deprecated, use: eduPersonScopedAffiliation) | eduPersonAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.1) | Specifies the affiliation of a person to a special security domain in the form: member: member (combination of the employee und student) The affiliation 'member' is generally released in accordance with a DFN recommendation. The more detailed subgroups are only authorised for specific service providers. |
| Anonymous global unique ID (per Service Provider) | samlPairwiseID (urn:oasis:names:tc:SAML:attribute:pairwise-id) | PairwiseID: Unique user identification, different for each service provider |
| Anonymous global ID for a single service (deprecated, use: pairwiseID) | eduPersonTargetedID (urn:oid:1.3.6.1.4.1.5923.1.1.1.10) | A persistent identifier that is given to a specific service. |
| Contact objects of a person | rwthContact (urn:oid:1.3.6.1.4.1.5540.2.1.139) | Contact objects of a person, typified by origin/purpose and type of contact (Email, Phone, Fax, Url, UC...) |
| Country code | rwthCountry (urn:oid:1.3.6.1.4.1.5540.2.1.52) | Country code (like B, NL, F, L...) of the place of residence |
| Date of birth | rwthDateOfBirth (urn:oid:1.3.6.1.4.1.5540.2.1.49) | The date of birth of a user |
| Display name (deprecated, use: givenNames sn) | displayName (urn:oid:2.16.840.1.113730.3.1.241) | Name (Preferred name(s) and surname) |
| edX: Anonymized e-mail address | edx_email (urn:oid:1.3.6.1.4.1.5540.2.1.125) | Persistent, anonymized e-mail alias for "edX" platform |
| edX: Anonymized username | edx_username (urn:oid:1.3.6.1.4.1.5540.2.1.124) | Anonymized username for "edX" platform |
| edX: Anonymous placeholder | edx_anonymous (urn:oid:1.3.6.1.4.1.5540.2.1.123) | Anonymous placeholder for different attributes that are required by the "edX" platform |
| edX: Country of residence | edx_residence (urn:oid:1.3.6.1.4.1.5540.2.1.127) | Country of residence for edX |
| mail (urn:oid:0.9.2342.19200300.100.1.3) | Contact e-mail address of a person as specified in the Selfservice | |
| Employment period | rwthEmploymentPeriod (urn:oid:1.3.6.1.4.1.5540.2.1.133) | Employment period of a person |
| Employment: End | rwthEmploymentEnd (urn:oid:1.3.6.1.4.1.5540.2.1.119) | End of employment of an employee |
| Employment: Start | rwthEmploymentStart (urn:oid:1.3.6.1.4.1.5540.2.1.118) | Start of employment of an employee; for contracts concluded before 1 June 2016, this is the date of data transfer to the SAP system |
| Employment: Status | rwthEmploymentStatus (urn:oid:1.3.6.1.4.1.5540.2.1.129) | Employment status |
| Employment object of a Person | rwthEmployment (urn:oid:1.3.6.1.4.1.5540.2.1.133) | Employment object of a Person |
| Entry date at the RWTH | rwthEntryDate (urn:oid:1.3.6.1.4.1.5540.2.1.121) | RWTH entry date of an employee |
| European Student Identifier (ESI) | schacPersonalUniqueCode (urn:oid:1.3.6.1.4.1.25178.1.2.14) | European Student Identifier (ESI) |
| Exmatriculation Date | rwthExmatrikulationsDatum (urn:oid:1.3.6.1.4.1.5540.2.1.55) | Date of exmatriculation |
| Fields of study | rwthFachInfo (urn:oid:1.3.6.1.4.1.5540.2.1.48) | Encoded string that specifies the fields of study, e. g.: 20191,11,a=71,f=185,3,s=4... 20191=semester related to the data (YYYY1=summer, YYYY2=winter) Supplement: Students who are enrolled in more than one degree program have one rwthFachInfo per degree program. |
| Full first name of a person (IDM.nrw) | idmNrwDocumentGivenName (urn:oid:1.3.6.1.4.1.22177.400.1.2.1.1) | The full first name for official documents; the basis can be, for example, but not conclusively, the spellings in the ID card or dgti supplementary ID card. (cf. givenName in the DFN schema as "preferred name"). |
| Full name (deprecated, use: givenName, sn) | displayName (urn:oid:2.5.4.3) | Full name (preferred name(s) and surname) |
| Full surname of a person (IDM.nrw) | idmNrwDocumentSurname (urn:oid:1.3.6.1.4.1.22177.400.1.2.1.2) | The full surname for official documents; the basis can be, for example, but not conclusively, the spellings in the ID card or dgti supplementary ID card. (cf. sn, surname in DFN schema as "preferred surname"). |
| Gender | rwthGender (urn:oid:1.3.6.1.4.1.5540.2.1.4) | Gender of the user |
| Given name | givenName (urn:oid:2.5.4.42) | Preferred name of a person as defined in the Selfservice |
| Global unique ID (deprecated, use: -) | eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) | A unique identifier for a person, mainly for inter-institutional user identification |
| Home organization type | schacHomeOrganizationType (urn:oid:1.3.6.1.4.1.25178.1.2.10) | Home organization type: university, polytechnic, etc |
| Institute index number (deprecated, use: eduPersonEntitlement) | ikz (urn:oid:1.3.6.1.4.1.5540.2.1.1) | Identification number of the institute(s) to which a person is assigned in the personnel administration. It will be replaced by a role in the "Roles and groups" attribute (eduPersonEntitlement). |
| Matriculation number (deprecated, use:rwthSystemIDs) | rwthMatrikelnummer (urn:oid:1.3.6.1.4.1.5540.2.1.5) | Matriculation number of a student |
| Name of home organization | o (urn:oid:2.5.4.10) | Name of the organization respectively institution which a person belongs to |
| Person status in SAP | rwthSAPPersonStatus (urn:oid:1.3.6.1.4.1.5540.2.1.134) | Status in SAP |
| Place of birth | rwthLocalityOfBirth (urn:oid:1.3.6.1.4.1.5540.2.1.50) | The place of birth of a user |
| Preferred given name (deprecated, use: givenName) | rwthRufname (urn:oid:1.3.6.1.4.1.5540.2.1.96) | First name of persons with several first names. Is automatically set to the first first name, but can be changed via the Selfservice. The first name is now written in the “givenName” attribute. The full first name can be obtained via the “idmNrwDocumentGivenname” attribute. |
| Retirement: Start | rwthRetirementStart (urn:oid:1.3.6.1.4.1.5540.2.1.120) | Retirement date of an employee |
| Roles (IDM.nrw) | idmNrwCriticalEntitlement (urn:oid:1.3.6.1.4.1.22177.400.1.2.1.3) | Roles/authorizations to be classified as critical in terms of data protection |
| Roles and Groups | eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7) | Code string that contains rights (roles and groups) in the urn:mace format to protect or to display the content in the systems. The value urn:mace:dir:entitlement:common-lib-terms indicates that the user is registered in the university library. The attribute is released to any service provider as recommended by DFN. The value urn:mace:rwth.de:entitlement:WLAN indicates that the user is allowed to use eduroam WLAN and to use the EGM to create accounts for his devices. |
| RWTH Partner Status (deprecated, use: eduPersonEntitlement) | rwthAssociate (urn:oid:1.3.6.1.4.1.5540.2.1.94) | Represents the affiliation of a user to a spedific institution in urn-mace-format |
| RWTH mail address | rwthMailAddress urn:oid:1.3.6.1.4.1.5540.2.1.108) | RWTH mail address of a person |
| rwthSystemIDs | rwthSystemIDs (urn:oid:1.3.6.1.4.1.5540.2.1.114) | RWTH-specific system references (system IDs) in urn:mace-Encoding, e. g. "TH-Personalnummer (SAP)", Bluecard number etc. |
| Semester by subject | dfnEduPersonTermsOfStudy (urn:oid:1.3.6.1.4.1.22177.400.1.1.3.8) | The attribute contains numerical values of the subjects from the classification of the Federal Statistical Office and corresponds to the value of dfnEduPersonStudyBranch3, or, if this is not maintained, dfnEduPersonStudyBranch2 as well as the subject semester separated by a '$'. |
| Study information | rwthStudienInfo (urn:oid:1.3.6.1.4.1.5540.2.1.117) | Encoded string that specifies the study information (course of studies, semester, subject-related) |
| Surname | sn (urn:oid:2.5.4.4) | Surnames of a person |
| SVA person status (deprecated, use: eduPersonEntitlement) | rwthSVAPersonStatus (urn:oid:1.3.6.1.4.1.5540.2.1.97) | Employee status in the old RWTH personnel management system |
| Unique ID (global) | eduPersonUniqueId (urn:oid:1.3.6.1.4.1.5923.1.1.1.13) | A unique identifier for a person, mainly for inter-institutional user identification |
| User name | uid (urn:oid:0.9.2342.19200300.100.1.1) | RWTH Single Sign-On Username. Unique identifier for a person that is only released for use as a login name in other subsystems in rare cases (e.g. telephone administration) |
| Work e-mail address | rwthDienstEmail (urn:oid:1.3.6.1.4.1.5540.2.1.100) | Currently any work e-mail address (in case an RWTHcontact entry has been made, after implementation in RWTHContacts the primary e-mail address to be used can be selected in the future) |
| Work phone number | rwthTelefonNummer (urn:oid:1.3.6.1.4.1.5540.2.1.99) | Work phone number (in case an RWTHcontact entry has been made) |
Related Links:
