
NetBadge at UVA

Shibboleth Default Attribute Release Policies

The Shibboleth Identity Provider (IdP) will release attributes about the individual who has logged in to a Service Provider (SP). This page describes the default policies for attribute release. A custom attribute filter may be configured for any Service Provider (SP) which requires attributes in addition to the default set released.

The following attributes are included in the assertion released to any SP:

| Attribute Name | Description |
|---|---|
| eduPersonAffiliation | Multi-valued affiliation (member, student, faculty, staff, employee, affiliate) |
| eduPersonScopedAffiliation | Multi-valued affiliation @virginia.edu |

In addition to the two affiliation attributes, the following are included in the assertion released to any SP in the Virginia.EDU domain and to any SP identified as an InCommon Federation SP:

| Attribute Name | Description |
|---|---|
| eduPersonPrincipalName | Computing_id@virginia.edu |
| Uid | Computing_id |

In addition, the following attributes are included in the assertion to any SP identified as an InCommon Federation Research & Scholarship service provider, provided the student or employee has not elected to opt out of having these data released or displayed:

| Attribute Name | Description |
|---|---|
| givenName | First name |
| Surname | Last name |
| commonName (cn) | Multi-valued Common Name (Official or Nickname) |
| Email (mail) | Register computing_id@virginia.edu if known in the Address Management System |
| displayName | Full name including nickname |
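
The three default tiers above can be used to audit what an SP actually received. The following is an added example, not part of the original page or of UVA's configuration: it compares the attributes in a SAML attribute statement against the default set for that SP and lists anything beyond it. The SP record shape, the entityID host check for "Virginia.EDU domain", the REFEDS Research & Scholarship category URI, the LDAP short names and the sample statement are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_ATTR = "{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"
# Assumption: R&S SPs are tagged with the REFEDS entity category URI.
RS_CATEGORY = "http://refeds.org/category/research-and-scholarship"

# Default tiers from this page, written with LDAP short names
# (assumed mapping: Uid -> uid, Surname -> sn, commonName -> cn, Email -> mail).
TIER_ANY_SP = {"eduPersonAffiliation", "eduPersonScopedAffiliation"}
TIER_LOCAL_OR_INCOMMON = {"eduPersonPrincipalName", "uid"}
TIER_RESEARCH_SCHOLARSHIP = {"givenName", "sn", "cn", "mail", "displayName"}

# Constructed sample statement; the uvaEmplIDs Name value is a placeholder.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"/>
  <saml:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"/>
  <saml:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"/>
  <saml:Attribute FriendlyName="uvaEmplIDs" Name="urn:example:uvaEmplIDs"/>
</saml:AttributeStatement>"""

def allowed_attributes(sp, user_opted_out):
    """Default attribute set for an SP record (hypothetical dict shape)."""
    allowed = set(TIER_ANY_SP)
    host = (urlparse(sp["entity_id"]).hostname or "").lower()
    # Assumption: domain membership is judged by the entityID host.
    is_local = host == "virginia.edu" or host.endswith(".virginia.edu")
    in_incommon = sp.get("incommon", False)
    if is_local or in_incommon:
        allowed |= TIER_LOCAL_OR_INCOMMON
    is_rs = in_incommon and RS_CATEGORY in sp.get("categories", ())
    if is_rs and not user_opted_out:
        allowed |= TIER_RESEARCH_SCHOLARSHIP
    return allowed

def released_attributes(statement_xml):
    """Attribute names in a SAML AttributeStatement (trusted input only;
    use a hardened parser such as defusedxml for untrusted XML)."""
    root = ET.fromstring(statement_xml)
    return {a.get("FriendlyName") or a.get("Name") for a in root.iter(SAML_ATTR)}

def over_released(sp, user_opted_out, statement_xml):
    """Attributes in the statement that fall outside the SP's default tier."""
    extra = released_attributes(statement_xml) - allowed_attributes(sp, user_opted_out)
    return sorted(extra)

if __name__ == "__main__":
    rs_sp = {"entity_id": "https://sp.example.org/shibboleth",
             "incommon": True, "categories": {RS_CATEGORY}}
    print(over_released(rs_sp, False, SAMPLE_STATEMENT))
```

Anything the function returns is an attribute outside the default policy for that SP, so it should correspond to a custom attribute filter configured for that SP.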

The Identity Provider gets its attribute values from the private LDAP service, so any attribute in private LDAP is potentially available for inclusion in the assertion to an SP. Any attribute required by the SP which is not included in the default policies above must be approved by Information Security before it can be configured in a custom attribute filter. Attributes which may be requested include:

If there is an asterisk (*) before an attribute name, please see the Additional Attributes Notes below; the asterisk is not part of the attribute name.

ValueType: m = multi-valued, s = single-valued

| Name | Description | ValueType | Values | Access | Reference | Steward |
|---|---|---|---|---|---|---|
| uvaPersonIAMAffiliation (New 6/25/18) | Official IAM Role(s) held by user | m | | y | uvaPerson | |
| * cn (Modified 6/25/2018) | Full name of the person | m | | y | inetOrgPerson, RFC-2798 | |
| * displayName (Modified 6/25/2018) | Name to display to users | s | | y | inetOrgPerson, RFC-2798 | |
| * sn (Modified 6/25/18) | Last Name | s | | y | inetOrgPerson, RFC-2798 | |
| * givenName (Modified 6/25/2018) | First Name | s | | y | inetOrgPerson, RFC-2798 | |
| * initials (Modified 6/25/2018) | Initials | s | | y | inetOrgPerson, RFC-2798 | |
| title | Working Title | m | | | inetOrgPerson, RFC-2798 | |
| uid | UVA Computing ID | s | | y | inetOrgPerson, RFC-2798 | |
| mail | registered email address | s | | y | inetOrgPerson, RFC-2798 | |
| homePhone (Deprecated 6/25/2018) | Home phone number | | | | inetOrgPerson, RFC-2798 | |
| telephoneNumber | Office Number as received from the HR source system(s). | m | | y | inetOrgPerson, RFC-2798 | |
| facsimileTelephoneNumber | Fax Number as received from the HR source system(s). | m | | y | inetOrgPerson, RFC-2798 | |
| labeledURI (Deprecated 6/25/18) | Home Page | s | | y | inetOrgPerson, RFC-2798 | |
| * description | A form of affiliation (Legacy Attribute) | m | | y | inetOrgPerson, RFC-2798 | |
| jpegPhoto (Deprecated 6/25/18) | A photo provided by the individual | s | | y | inetOrgPerson, RFC-2798 | |
| uidNumber | UNIX UID | s | | y | posixAccount, RFC-2307 | |
| gidNumber | UNIX GID | s | | y | posixAccount, RFC-2307 | |
| gecos | UNIX Name | s | | | posixAccount, RFC-2307 | |
| homeDirectory | UNIX Home Directory | s | | y | posixAccount, RFC-2307 | |
| loginShell | UNIX Shell | s | | y | posixAccount, RFC-2307 | |
| mailAlternateAddress | Email aliases | m | | y | mailRecipient | |
| preferredEmailAddress | Email address | s | | y | | |
| mailForwardingAddress | Mail delivery address | m | | y | | |
| CVPN3000-Access-Hours | VPN control | s | | r | Cisco proprietary | |
| cVPN3000-IPSec-Split-Tunneling-Policy | full or partial tunnel | s | | r | Cisco proprietary | |
| isMemberOf | MyGroup Membership | m | | y | eduMember | |
| * uvaPersonUpdateTimestamp | When we last saw an update from a system of record for this individual | m | | y | uvaPerson | |
| uvaUniversityIDPhoto | ID Card Photo | s | | r | uvaPerson | BusinessOps |
| uvaUniversityIDPhotoThumb | ID Card Photo thumbnail | s | | r | uvaPerson | BusinessOps |
| uvaUniversityIDPhotoHash | Used for processing | s | | r | uvaPerson | BusinessOps |
| uvaLastCompQuiz (Deprecated 6/25/2018) | Last successful completion of the Security Awareness Training (Responsible Computing Quiz) | s | | y | uvaPerson | |
| uvaRequiredTrainingCompleted | Last successful completion of the Information Security Awareness Training (Responsible Computing Quiz) | m | | y | uvaPerson | |
| uvaPayrollDepartment | Department - payroll view | s | | y | uvaPerson | |
| * uvaPayrollClassification | Classification - payroll view | s | | y | uvaPerson | |
| * uvaPayrollLastUpdate | Last Oracle update | s | | | uvaPerson | |
| * uvaRegistrarLastUpdate | Last registrar update | s | | | uvaPerson | |
| uvaRegistrarSchool | School of the student | s | | y | uvaPerson | |
| uvaDisplayDepartment | Your department name | ? | | y | uvaPerson | |
| uvaDisplayName (Modified 6/25/2018) | A full name string | s | | | uvaPerson | |
| uvaAccounts | Select accounts held by the individual | m | | y | uvaPerson | |
| msnInstMessHandle (Deprecated 6/25/2018) | MSN IM Handle | s | | | uvaPerson | |
| aolInstMessHandle (Deprecated 6/25/2018) | AIM IM Handle | s | | | uvaPerson | |
| uvaDeliverableAddress | All deliverable addresses a user has configured in AMS | m | | y | uvaPerson | |
| uvaEmailAddresses | All deliverable addresses and aliases a user has configured in AMS | m | | y | uvaPerson | |
| uvaIkeyNumber | Number of ikey (1 for first, 2 for second, etc) | s | | | uvaPerson | |
| uvaIsModeratorOf | Sympa mailing lists this user moderates | m | | y | uvaPerson | |
| uvaIsOwnerOf | Groups this user owns/administers | m | | y | uvaPerson | |
| uvaJvpnIkeyEnabled | Is person's Ikey enabled for use on JointVPN | s | | | uvaPerson | |
| uvaJvpnIpsecSplitTunnelingPolicy | Indicates full or split tunnel for JointVPN users | s | | | uvaPerson | |
| uvaUserDBFlag (Deprecated 6/25/2018) | Internal flags - e.g., no account | m | | | uvaPerson | |
| uvaOracleDeptName | Oracle Dept Name | s | | y | uvaPerson | |
| uvaOracleOrgCode | Oracle ORG Code | s | | y | uvaPerson | |
| uvaExpirationDate | Date on which the account will expire | s | | | uvaPerson | |
| uvaCleanupDate | When accounts have been cleaned up | s | | | uvaPerson | |
| uvaExpirationStatus | Record expiration status | s | | y | uvaPerson | |
| uvaMember | Would ITS issue any account | s | | y | uvaPerson | |
| uvaRegistrarClassification | Registrar classification | s | | | uvaPerson | |
| MSNwirelessAccess | Jefferson WLAN access control | s | | | uvaPerson | |
| unixuid | Person's UNIX UID | s | | y | uvaPerson | |
| wirelessAccess | Cavalier WLAN access control | s | | | uvaPerson | |
| uvRestrict | Don't display information on this person | s | | y | uvaPerson | |
| uvaPersonTODO | Used by NetBadge for its reminder service | m | | | uvaPerson | |
| * eduPersonScopedAffiliation (Legacy Attribute) | Relationship to university | m | | y | eduPerson | |
| * eduPersonAffiliation (Legacy Attribute) | Relationship to university | m | | y | eduPerson | |
| * eduPersonPrimaryAffiliation (Legacy Attribute) | Primary relationship to University. | s | | y | eduPerson | |
| eduPersonOrgUnitDN | Department ORG | s | | y | eduPerson | |
| eduPersonPrincipalName | computingID@virginia.edu | s | | y | eduPerson | |
| eduPersonNickName (Deprecated 6/25/18) | Nickname | s | | y | eduPerson | |
| eduPersonOrgDN | University of Virginia | s | | y | eduPerson | |
| uvaEmplIDs | EMPL IDs from various systems of record | m | | y | uvaPerson | |
| uvaPersonSupervisorSysid | Supervisor EMPL ID from various systems of record | m | | y | uvaPerson | |
| uvaAccessList | JointVPN access list | m | | y | uvaPerson | |
| pager | User's pager number as received from the HR source system. | | | | | |
| mobile | Cellular or other type of mobile phone number as received from the HR source system. | | | | | |
| PostalAddress (Deprecated 6/25/18) | Replaced with physicalDeliveryOfficeName. | | | | | |
| generationQualifier (Modified 6/25/18) | A field containing just the user's name suffix (e.g. Jr.) | | | | | |
| uvaPersonMFADeadline | Future date by which Duo device registration must be completed | s | | y | uvaPerson | |
| uvaPersonMFARequired | Set if Duo account has been activated and at least one device is registered | s | | y | uvaPerson | |

  Page Updated: Thursday 2018-03-08 14:56:05 EST