Explanation of attributes
Attributes contain systematically stored information on virtual identities such as email addresses, names or roles. RWTH Single Sign-On as the central authentication service of Identity Management passes on attributes to connected services. Services are required to request only the attributes that are really necessary for authentication.
The following table provides an overview of all attributes that can be transferred to the individual service providers via Shibboleth:
Attribute | Technical name | Description |
---|---|---|
Address: Supplement | rwthAddressSupplement urn:oid:1.3.6.1.4.1.5540.2.1.51 | Address supplement. |
Address: Place of residence | l, locality urn:oid:2.5.4.7 | Place of residence. |
Address: Street | street urn:oid:2.5.4.9 | Stree of the place of residence including the house number. |
Address: Postal code | postalCode urn:oid:2.5.4.17 | Postal code of the place of residence. |
Anonymous global unique ID | eduPersonTargetedID urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (deprecated, use: pairwiseID) pairwiseID urn:oasis:names:tc:SAML:attribute:pairwise-id | A persistent identifier. |
Anonymous placeholder for edX | edx_anonymous urn:oid:1.3.6.1.4.1.5540.2.1.123 | Anonymous placeholder for different attributes that are required by the "edX" platform. |
Anonymous e-mail alias for edX | edx_email urn:oid:1.3.6.1.4.1.5540.2.1.125 | Persistent, anonymized e-mail alias for "edX" platform. |
Anonymous user name for edX | edx_username urn:oid:1.3.6.1.4.1.5540.2.1.124 | Anonymized e-mail alias for "edX" platform. |
Display name | displayName (deprecated, use: givenName, sn) | Name (Preferred name and surname) |
Start of the employment | rwthEmploymentStart urn:oid:1.3.6.1.4.1.5540.2.1.118 | Start of employment of an employee; for contracts concluded before 1 June 2016, this is the date of data transfer to the SAP system. |
End of the employment | rwthEmploymentEnd urn:oid:1.3.6.1.4.1.5540.2.1.119 | End of employment of an employee. |
Start of the retirement | rwthRetirementStart urn:oid:1.3.6.1.4.1.5540.2.1.120 | Retirement date of an employee. |
Global unique ID | eduPersonPrincipalName urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (deprecated, use: -) | An organisation-related identification for a person. E.g. "user@organisation". The organisation corresponds to the one in which the identification was created. |
Work phone number | rwthTelefonNummer urn:oid:1.3.6.1.4.1.5540.2.1.99 | Work phone number (in case an RWTHcontact entry has been made). |
Work e-mail address | rwthDienstEmail urn:oid:1.3.6.1.4.1.5540.2.1.100 | Currently any work e-mail address (in case an RWTHcontact entry has been made, after implementation in RWTHContacts the primary e-mail address to be used can be selected in the future). |
Username | uid | A unique identifier for a person that is only released for use as a login name in other subsystems in rare cases (e.g. telephone administration). |
RWTH entry date | rwthEntryDate urn:oid:1.3.6.1.4.1.5540.2.1.121 | RWTH entry date of an employee. |
E-mail | mail urn:oid:0.9.2342.19200300.100.1.3 | Contatc e-mail address of a person. |
Exmatriculation date | urn:oid:1.3.6.1.4.1.5540.2.1.55 rwthExmatrikulationsDatum | Date of exmatriculation. |
Affiliation | eduPersonScopedAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | Specifies the affiliation of a person to a special security domain in the form: member@rwth-aachen.de member (combination of the employee und student) student@rwth-aachen.de students employee@rwth-aachen.de employees The affiliation 'member' is generally released in accordance with a DFN recommendation. The more detailed subgroups are only authorised for specific service providers. This is not an e-mail address! |
Fields of study | rwthFachInfo urn:oid:1.3.6.1.4.1.5540.2.1.48 | Encoded string that specifies the study information, e. g.: 20191,11,a=71,f=185,3,s=4... 20191=semester related to the data (YYYY1=summer, YYYY2=winter) Supplement: Students who are enrolled in more than one degree program have one rwthFachInfo per degree program. The PO version describes the last two digits of the year, without the leading zero. In the example f=185.3, the 3 therefore refers to the year 2003 |
Date of birth | rwthDateOfBirth urn:oid:1.3.6.1.4.1.5540.2.1.49 | Date of birth |
Place of birth | rwthLocalityOfBirth urn:oid:1.3.6.1.4.1.5540.2.1.50 | Place of birth |
Gender | rwthGender urn:oid:1.3.6.1.4.1.5540.2.1.4 | Gender |
Institute index number | ikz (deprecated, use: eduPersonEntitlement) urn:oid:1.3.6.1.4.1.5540.2.1.1 | Identification number of the institute(s) to which a person is assigned in the personnel administration. It will be replaced by a role in the "Roles and groups" attribute (eduPersonEntitlement). |
Country of residence for edX | edx_residence urn:oid:1.3.6.1.4.1.5540.2.1.127 | The users country of residence for the "edX" platform. |
Matriculation number | rwthMatrikelnummer (deprecated, use:rwthSystemIDs) urn:oid:1.3.6.1.4.1.5540.2.1.5 | Matriculation number of a student. |
Surname | surname, sn urn:oid:2.5.4.4 | Surname. |
Nationality index | rwthCountry urn:oid:1.3.6.1.4.1.5540.2.1.52 | Nationality idex of a place of residence. |
Roles (IDM.nrw) | idmNrwCriticalEntitlement urn:oid:1.3.6.1.4.1.22177.400.1.2.1.3 | Roles/authorisations that are critical in terms of data protection. |
Roles and groups | eduPersonEntitlement urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | Code string that contains rights (roles and groups) in the urn:mace format to protect or to display the contetnt in the systems. The value urn:mace:rwth.de:entitlement:WLAN indicates that the user is allowed to use eduroam WLAN and to use the EGM to create accounts for his devices. |
Preferred given name | rwthRufname (deprecated, use: givenName) urn:oid:1.3.6.1.4.1.5540.2.1.96 | Prefered given name by persons with more than one given name. The first name ist automatically set as a preferred name but can be defined via Selfservice.) |
RWTH-ID | rwthID (deprecated, use:rwthSystemIDs) urn:oid:1.3.6.1.4.1.5540.2.1.64 | Unique unchangeable identifier for the RWTH. |
RWTH partner status | rwthAssociate (deprecated, use: eduPersonEntitlement) urn:oid:1.3.6.1.4.1.5540.2.1.94 | Code string which contains affiliation of a user to a spedific institution in urn-mace-format (coupon procedure, partner procedure). |
System references | rwthSystemIDs urn:oid:1.3.6.1.4.1.5540.2.1.114 | RWTH-specific system references (system IDs) in urn:mace-Encoding, e. g. "TH-Personalnummer (SAP)", Bluecard number etc. |
Affiliation | eduPersonAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.1 eduPersonScopedAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | RWTH affiliation kind of a person: member student employee |
Fields of study | dfnEduPersonTermsOfStudy urn:oid:1.3.6.1.4.1.22177.400.1.1.3.8 | Code string that contains fields of studies. |
Information on fields of study | rwthStudienInfo urn:oid:1.3.6.1.4.1.5540.2.1.117 | Encoded string that contains the study information (Course of studies, semester, subject-related) |
SVA personen status | rwthSVAPersonStatus (deprecated, use: eduPersonEntitlement) urn:oid:1.3.6.1.4.1.5540.2.1.97 | Personal status of an employee in personnel administration. |
First name | givenName urn:oid:2.5.4.42 | Preferred name of a person that can be defined in the Selfservice. |
Full name | commonName (deprecated, use: givenName, sn) urn:oid:2.5.4.3 | Full name of a person (all first names and surnames). |
Full first name | idmNrwDocumentGivenname urn:oid:1.3.6.1.4.1.22177.400.1.2.1.1 | The full first name for official documents, the basis can be, for example, but not conclusively, the spellings in the identity card or dgti supplementary identity card. |
Full surname | idmNrwDocumentSurname urn:oid:1.3.6.1.4.1.22177.400.1.2.1.2 | The full surname name for official documents, the basis can be, for example, but not conclusively, the spellings in the identity card or dgti supplementary identity card. |
Related Links: