You are located in service: Identity Management

Explanation of attributes

Explanation of attributes

 Detailinformation

Attributes contain systematically stored information on virtual identities such as email addresses, names or roles. RWTH Single Sign-On as the central authentication service of Identity Management passes on attributes to connected services. Services are required to request only the attributes that are really necessary for authentication.

The following table provides an overview of all attributes that can be transferred to the individual service providers via Shibboleth:

AttributeTechnical nameDescription
Address: SupplementrwthAddressSupplement
urn:oid:1.3.6.1.4.1.5540.2.1.51
Address supplement.
Address: Place of residence
 
l, locality
urn:oid:2.5.4.7
Place of residence.
Address: Street
 
street
urn:oid:2.5.4.9
Stree of the place of residence including the house number.
Address: Postal code
 
postalCode
urn:oid:2.5.4.17
Postal code of the place of residence.
Anonymous global unique IDeduPersonTargetedID
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (deprecated, use: pairwiseID)

pairwiseID
urn:oasis:names:tc:SAML:attribute:pairwise-id
A persistent identifier.
Anonymous placeholder for edXedx_anonymous
urn:oid:1.3.6.1.4.1.5540.2.1.123
Anonymous placeholder for different attributes that are required by the "edX" platform.
Anonymous e-mail alias for edXedx_email
urn:oid:1.3.6.1.4.1.5540.2.1.125
Persistent, anonymized e-mail alias for "edX" platform.
Anonymous user name for edXedx_username
urn:oid:1.3.6.1.4.1.5540.2.1.124
Anonymized e-mail alias for "edX" platform.
Display name
 
displayName
(deprecated, use: givenName, sn)
Name (Preferred name and surname)
Start of the employmentrwthEmploymentStart
urn:oid:1.3.6.1.4.1.5540.2.1.118
Start of employment of an employee; for contracts concluded before 1 June 2016, this is the date of data transfer to the SAP system.
 
End of the employmentrwthEmploymentEnd
urn:oid:1.3.6.1.4.1.5540.2.1.119
End of employment of an employee.
Start of the retirementrwthRetirementStart
urn:oid:1.3.6.1.4.1.5540.2.1.120
Retirement date of an employee.
Global unique IDeduPersonPrincipalName
urn:oid:1.3.6.1.4.1.5923.1.1.1.6
(deprecated, use: -)
An organisation-related identification for a person. E.g. "user@organisation". The organisation corresponds to the one in which the identification was created.
Work phone numberrwthTelefonNummer
urn:oid:1.3.6.1.4.1.5540.2.1.99
Work phone number (in case an RWTHcontact entry has been made).
Work e-mail address
 
rwthDienstEmail
urn:oid:1.3.6.1.4.1.5540.2.1.100
Currently any work e-mail address (in case an RWTHcontact entry has been made, after implementation in RWTHContacts the primary e-mail address to be used can be selected in the future).
Username
 
uidA unique identifier for a person that is only released for use as a login name in other subsystems in rare cases (e.g. telephone administration).
RWTH entry daterwthEntryDate
urn:oid:1.3.6.1.4.1.5540.2.1.121
RWTH entry date of an employee.
E-mail
 
mail
urn:oid:0.9.2342.19200300.100.1.3
Contatc e-mail address of a person.
Exmatriculation dateurn:oid:1.3.6.1.4.1.5540.2.1.55
rwthExmatrikulationsDatum
Date of exmatriculation.
Affiliation
 
eduPersonScopedAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.9
Specifies the affiliation of a person to a special security domain in the form:
member@rwth-aachen.de member (combination of the employee und student)
student@rwth-aachen.de students
employee@rwth-aachen.de employees
The affiliation 'member' is generally released in accordance with a DFN recommendation. The more detailed subgroups are only authorised for specific service providers.
This is not an e-mail address!  
Fields of study
 
rwthFachInfo
urn:oid:1.3.6.1.4.1.5540.2.1.48

Encoded string that specifies the study information, e. g.: 20191,11,a=71,f=185,3,s=4...

20191=semester related to the data (YYYY1=summer, YYYY2=winter)
11=1st course of studies, 1st subject (currently not interpretabel)
a=desired degree
f=subject code, PO version
s=subject-related semester

Supplement:

Students who are enrolled in more than one degree program have one rwthFachInfo per degree program.

The PO version describes the last two digits of the year, without the leading zero. In the example f=185.3, the 3 therefore refers to the year 2003

Date of birth
 
rwthDateOfBirth
urn:oid:1.3.6.1.4.1.5540.2.1.49
Date of birth
Place of birth
 
rwthLocalityOfBirth
urn:oid:1.3.6.1.4.1.5540.2.1.50
Place of birth
Gender
 
rwthGender
urn:oid:1.3.6.1.4.1.5540.2.1.4
Gender
Institute index numberikz (deprecated, use: eduPersonEntitlement)
urn:oid:1.3.6.1.4.1.5540.2.1.1
Identification number of the institute(s) to which a person is assigned in the personnel administration. It will be replaced by a role in the "Roles and groups" attribute (eduPersonEntitlement).
Country of residence for edXedx_residence
urn:oid:1.3.6.1.4.1.5540.2.1.127
The users country of residence for the "edX" platform.
Matriculation number
 
rwthMatrikelnummer
(deprecated, use:rwthSystemIDs)
urn:oid:1.3.6.1.4.1.5540.2.1.5
Matriculation number of a student.
Surname
 
surname, sn
urn:oid:2.5.4.4
Surname.
Nationality indexrwthCountry
urn:oid:1.3.6.1.4.1.5540.2.1.52
Nationality idex of a place of residence.
Roles (IDM.nrw)
 
idmNrwCriticalEntitlement
urn:oid:1.3.6.1.4.1.22177.400.1.2.1.3
Roles/authorisations that are critical in terms of data protection.
Roles and groups
 
eduPersonEntitlement
urn:oid:1.3.6.1.4.1.5923.1.1.1.7
 

Code string that contains rights (roles and groups) in the urn:mace format to protect or to display the contetnt in the systems.

The value urn:mace:dir:entitlement:common-lib-terms indicates that the user is registered in the university library. The attribute is released to any service provider as recommended by DFN. 

The value urn:mace:rwth.de:entitlement:WLAN indicates that the user is allowed to use eduroam WLAN and to use the EGM to create accounts for his devices.

Preferred given name
 
rwthRufname
(deprecated, use: givenName)
urn:oid:1.3.6.1.4.1.5540.2.1.96

Prefered given name by persons with more than one given name. The first name ist automatically set as a preferred name but can be defined via Selfservice.)
The first name is now written in the "givenName" attribute. The full first name can be obtained via the "idmNrwDocumentGivenname" attribute.

RWTH-IDrwthID
(deprecated, use:rwthSystemIDs)
urn:oid:1.3.6.1.4.1.5540.2.1.64
Unique unchangeable identifier for the RWTH.
RWTH partner statusrwthAssociate
(deprecated, use: eduPersonEntitlement)
urn:oid:1.3.6.1.4.1.5540.2.1.94
Code string which contains affiliation of a user to a spedific institution in urn-mace-format (coupon procedure, partner procedure).
System referencesrwthSystemIDs
urn:oid:1.3.6.1.4.1.5540.2.1.114
RWTH-specific system references (system IDs) in urn:mace-Encoding, e. g. "TH-Personalnummer (SAP)", Bluecard number etc.
AffiliationeduPersonAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.1

eduPersonScopedAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.9
RWTH affiliation kind of a person:

member 
student 
employee 
Fields of studydfnEduPersonTermsOfStudy
urn:oid:1.3.6.1.4.1.22177.400.1.1.3.8
Code string that contains fields of studies.
Information on fields of study
 
rwthStudienInfo
urn:oid:1.3.6.1.4.1.5540.2.1.117
Encoded string that contains the study information (Course of studies, semester, subject-related)
SVA personen statusrwthSVAPersonStatus
(deprecated, use: eduPersonEntitlement)
urn:oid:1.3.6.1.4.1.5540.2.1.97
Personal status of an employee in personnel administration.
First name
 
givenName
urn:oid:2.5.4.42
Preferred name of a person that can be defined in the Selfservice.
Full name
 
commonName
(deprecated, use: givenName, sn)
urn:oid:2.5.4.3
Full name of a person (all first names and surnames).
Full first name
 
idmNrwDocumentGivenname
urn:oid:1.3.6.1.4.1.22177.400.1.2.1.1
 
The full first name for official documents, the basis can be, for example, but not conclusively, the spellings in the identity card or dgti supplementary identity card.
Full surname
 
idmNrwDocumentSurname
urn:oid:1.3.6.1.4.1.22177.400.1.2.1.2
The full surname name for official documents, the basis can be, for example, but not conclusively, the spellings in the identity card or dgti supplementary identity card.

 Zusatzinformation

Related Links:

 

last changed on 09/19/2024

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License