
NetBadge at UVA

Shibboleth Default Attribute Release Policies

The Shibboleth Identity Provider (IdP) releases attributes about the individual who has logged in to a Service Provider (SP). This page describes the default policies for attribute release. A custom attribute filter may be configured for any SP that requires attributes in addition to the default set released.

The following attributes are included in the assertion released to any SP:

| Attribute Name | Description |
|---|---|
| eduPersonAffiliation | Multi-valued affiliation (member, student, faculty, staff, employee, affiliate) |
| eduPersonScopedAffiliation | Multi-valued affiliation |

In addition to the two affiliation attributes, the following are included in the assertion released to any SP in the Virginia.EDU domain and to any SP identified as an InCommon Federation SP:

| Attribute Name | Description |
|---|---|
| Uid | Computing_id |

In addition, the following attributes are included in the assertion to any SP identified as an InCommon Federation Research & Scholarship service provider, provided the student or employee has not elected to opt out of having these data released or displayed:

| Attribute Name | Description |
|---|---|
| givenName | First name |
| Surname | Last name |
| commonName (cn) | Multi-valued Common Name (Official or Nickname) |
| Email (mail) | Register if known in the Address Management System |
| displayName | Full name including nickname |
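
The three default tiers above, sketched as a Shibboleth IdP `attribute-filter.xml`. This is an added example, not UVA's actual configuration: the attribute IDs (`uid`, `sn`, `cn`, `mail`), the entityID regex and the InCommon group ID are assumptions, and the opt-out condition is left out because the page does not say how it is evaluated.

```xml
<!-- Added example, not UVA's configuration. Attribute IDs (uid, sn, cn, mail),
     the entityID regex and the InCommon group ID are assumptions. -->
<AttributeFilterPolicyGroup id="DefaultReleaseSketch"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

  <!-- Tier 1: the two affiliation attributes are released to any SP. -->
  <AttributeFilterPolicy id="affiliationToAnySP">
    <PolicyRequirementRule xsi:type="ANY"/>
    <AttributeRule attributeID="eduPersonAffiliation"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="eduPersonScopedAffiliation"><PermitValueRule xsi:type="ANY"/></AttributeRule>
  </AttributeFilterPolicy>

  <!-- Tier 2: uid goes to Virginia.EDU SPs and to InCommon Federation SPs. -->
  <AttributeFilterPolicy id="uidToLocalAndInCommon">
    <PolicyRequirementRule xsi:type="OR">
      <!-- Assumed entityID shape; the regex is anchored so look-alike hosts do not match. -->
      <Rule xsi:type="RequesterRegex" regex="^https://([^/]+\.)?virginia\.edu(/.*)?$"/>
      <!-- Assumed Name of the InCommon metadata aggregate. -->
      <Rule xsi:type="InEntityGroup" groupID="urn:mace:incommon"/>
    </PolicyRequirementRule>
    <AttributeRule attributeID="uid"><PermitValueRule xsi:type="ANY"/></AttributeRule>
  </AttributeFilterPolicy>

  <!-- Tier 3: name and mail attributes go to Research and Scholarship SPs.
       The per-person opt-out check is NOT modelled here. -->
  <AttributeFilterPolicy id="nameAndMailToResearchAndScholarship">
    <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://refeds.org/category/research-and-scholarship"/>
    <AttributeRule attributeID="givenName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="sn"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="cn"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="mail"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="displayName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
  </AttributeFilterPolicy>

</AttributeFilterPolicyGroup>
```

Filter policies are additive: every policy whose requirement rule matches the requesting SP contributes its permitted attributes, so an InCommon Research & Scholarship SP receives all three tiers.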

The Identity Provider gets its attribute values from the private LDAP service, so any attribute in private LDAP is potentially available for inclusion in the assertion to an SP. Any attribute required by the SP which is not included in the default policies above must be approved by Information Security before it can be configured in a custom attribute filter. Attributes which may be requested include:

ValueType: m=multi-valued, s=single-valued

| Name | Description | ValueType | Values | Access | Reference | Steward |
|---|---|---|---|---|---|---|
| cn | Full name of the person | m | | y | inetOrgPerson | |
| displayName | Name to display to users | s | | y | inetOrgPerson | |
| sn | Last Name | s | | y | inetOrgPerson | |
| givenName | First Name | s | | y | inetOrgPerson | |
| initials | Initials | s | | y | inetOrgPerson | |
| title | Working Title | m | | | inetOrgPerson | |
| uid | UVA Computing ID | s | | y | inetOrgPerson | |
| mail | registered email address | s | | y | inetOrgPerson | |
| homePhone | Home phone number | | | | inetOrgPerson | |
| telephoneNumber | Office Number | m | | y | inetOrgPerson | |
| facsimileTelephoneNumber | Fax Number | m | | y | inetOrgPerson | |
| labeledURI | Home Page | s | | y | inetOrgPerson | |
| description | A form of affiliation | m | | y | inetOrgPerson | |
| jpegPhoto | A photo provided by the individual | s | | y | inetOrgPerson | |
| uidNumber | UNIX UID | s | | y | posixAccount | |
| gidNumber | UNIX GID | s | | y | posixAccount | |
| gecos | UNIX Name | s | | | posixAccount | |
| homeDirectory | UNIX Home Directory | s | | y | posixAccount | |
| loginShell | UNIX Shell | s | | y | posixAccount | |
| mailAlternateAddress | Email aliases | m | | y | mailRecipient | |
| preferredEmailAddress | Email address | s | | y | | |
| mailForwardingAddress | Mail delivery address | | | y | | |
| CVPN3000-Access-Hours | VPN control | s | | r | Cisco proprietary | |
| cVPN3000-IPSec-Split-Tunneling-Policy | full or partial tunnel | s | | r | Cisco proprietary | |
| isMemberOf | Group Membership | m | | y | eduMember | |
| uvaPersonUpdateTimestamp | When we last saw an update from a system of record for this individual | m | | y | uvaPerson | |
| uvaUniversityIDPhoto | ID Card Photo | s | | r | uvaPerson | BusinessOps |
| uvaUniversityIDPhotoThumb | ID Card Photo thumbnail | s | | r | uvaPerson | BusinessOps |
| uvaUniversityIDPhotoHash | Used for processing | s | | r | uvaPerson | BusinessOps |
| uvaLastCompQuiz | Last successful completion of the Security Awareness Training (Responsible Computing Quiz) | s | | y | uvaPerson | |
| uvaPayrollDepartment | Department - payroll view | s | | y | uvaPerson | |
| uvaPayrollClassification | Classification - payroll view | s | | y | uvaPerson | |
| uvaPayrollLastUpdate | Last Oracle update | s | | | uvaPerson | |
| uvaRegistrarLastUpdate | Last registrar update | s | | | uvaPerson | |
| uvaRegistrarSchool | School of the student | s | | y | uvaPerson | |
| uvaRoles | System Roles held by the individual (ISDS, SIS, Eservices) | m | | | uvaPerson | |
| uvaDisplayDepartment | Your department name | ? | | y | uvaPerson | |
| uvaDisplayName | A full name string | s | | | uvaPerson | |
| uvaAccounts | Accounts held by the individual | m | | y | uvaPerson | |
| msnInstMessHandle | MSN IM Handle | s | | | uvaPerson | |
| aolInstMessHandle | AIM IM Handle | s | | | uvaPerson | |
| uvaDeliverableAddress | All deliverable addresses a user has configured in AMS | m | | y | uvaPerson | |
| uvaEmailAddresses | All deliverable addresses and aliases a user has configured in AMS | m | | y | uvaPerson | |
| uvaIkeyNumber | Number of ikey (1 for first, 2 for second, etc) | s | | | uvaPerson | |
| uvaIsModeratorOf | Sympa mailing lists this user moderates | m | | y | uvaPerson | |
| uvaIsOwnerOf | Groups this user owns/administers | m | | y | uvaPerson | |
| uvaJvpnIkeyEnabled | Is person's Ikey enabled for use on JointVPN | s | | | uvaPerson | |
| uvaJvpnIpsecSplitTunnelingPolicy | Indicates full or split tunnel for JointVPN users | s | | | uvaPerson | |
| uvaUserDBFlag | Internal flags - e.g., no account | m | | | uvaPerson | |
| uvaOracleDeptName | Oracle Dept Name | s | | y | uvaPerson | |
| uvaOracleOrgCode | Oracle ORG Code | s | | y | uvaPerson | |
| uvaExpirationDate | If this record should expire | s | | | uvaPerson | |
| uvaCleanupDate | When accounts have been cleaned up | s | | | uvaPerson | |
| uvaExpirationStatus | Record expiration status | s | | y | uvaPerson | |
| uvaMember | Would ITS issue any account | s | | y | uvaPerson | |
| uvaRegistrarClassification | Registrar classification | s | | | uvaPerson | |
| MSNwirelessAccess | Jefferson WLAN access control | s | | | uvaPerson | |
| unixuid | Person's UNIX UID | s | | y | uvaPerson | |
| wirelessAccess | Cavalier WLAN access control | s | | | uvaPerson | |
| uvRestrict | Don't display information on this person | s | | y | uvaPerson | |
| uvaPersonTODO | Used by NetBadge for its reminder service | m | | | uvaPerson | |
| eduPersonScopedAffiliation | Relationship to university | m | | y | eduPerson | |
| eduPersonAffiliation | Relationship to university | m | | y | eduPerson | |
| edupersonprimaryaffiliation | Primary relationship | s | | y | eduPerson | |
| eduPersonOrgUnitDN | Department ORG | s | | y | eduPerson | |
| eduPersonPrincipalName | computingID@virginia.edu | s | | y | eduPerson | |
| eduPersonNickName | Nickname | s | | y | eduPerson | |
| eduPersonOrgDN | University of Virginia | s | | y | eduPerson | |
| uvaEmplIDs | EMPL IDs from various systems of record | m | | y | uvaPerson | |
| uvaPersonSupervisorSysid | Supervisor EMPL ID from various systems of record | m | | y | uvaPerson | |
| uvaAccessList | JointVPN access list | m | | y | uvaPerson | |

  Page Updated: Thursday 2018-03-08 14:56:05 EST