For each of the supported protocols, the same attribute set is available. These attributes are available for all members of all collaborations connected to an application:
| Attribute name | Description | SAML attribute | OIDC claim (request scope) | LDAP attribute | SCIM (https://sram.surf.nl/api/scim/v2/ResourceTypes) | Name in SBS UI |
|---|---|---|---|---|---|---|
| Name | Full name for display purposes, possibly including titles. Example: | cn (urn:oid:2.5.4.3) | | displayName | (User Core) | Name |
| First name | First name. Example: | givenName (urn:oid:2.5.4.42) | given_name (scope: profile) | | (User Core) | n/a |
| Surname | Last name. Example: | sn (urn:oid:2.5.4.4) | | sn | (User Core) | n/a |
| Email address | Main email address. Example: | mail (urn:oid:0.9.2342.19200300.100.1.3) | email (scope: email) | | AND (User Core) | |
| Platform identifier | Unique persistent identifier for the user. It consists of a hash value (random hex string) scoped to SRAM. Example: | eduPersonUniqueId (urn:oid:1.3.6.1.4.1.5923.1.1.1.13); urn:oasis:names:tc:SAML:attribute:subject-id | | eduPersonUniqueId | (User SRAM Extension) | UID |
| Institutional identifier | Identifier from the user's original institutional IdP. Example: | voPersonExternalID (urn:oid:1.3.6.1.4.1.25178.4.1.5) | | voPersonExternalId | (User SRAM Extension) | Eduperson principal name |
| Short username | Short, human-readable username for login to backend systems. Example: | | | uid | (User Core) | Username |
| Short platform identifier | Human-readable platform identifier. Example: | eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) | | - | - | n/a |
| Platform affiliation | User's role in the SRAM platform, typically Example: | eduPersonScopedAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.9) | | eduPersonScopedAffiliation | (User SRAM Extension) | n/a |
| Institutional affiliation | User's role(s) in their home organization. Only present if supplied by the user's home institution. Example: | voPersonExternalAffiliation (urn:oid:1.3.6.1.4.1.25178.4.1.11) | | voPersonExternalAffiliation | (User SRAM Extension) | |
| Group and CO memberships | Membership of collaborations and groups within each collaboration. Examples: | eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7) | | | (Group Core) | Entitlements |
| CO labels | Organizational labels set on collaborations. Examples: | eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7) | eduperson_entitlement (scope: eduperson_entitlement) | businessCategory (NB: attribute of Collaboration) | (Group SRAM Extension) | Label |
| SSH public key | Public SSH key which the user has configured to log into backend systems | sshPublicKey (urn:oid:1.3.6.1.4.1.24552.500.1.1.1.13) | | sshPublicKey | (User Core) | SSH public key |
| Status | Status of the user; possible values are "active" and "expired" (for users whose membership has expired or who are inactive) | - (users who are able to login via SAML are always "active") | - (users who are able to login via OIDC are always "active") | voPersonStatus | (User Core) | - |
| Inactive days | Number of days the user has not logged in (rounded down). Value can be: | | | sramInactiveDays | (User SRAM Extension) | ≈ Last activity date |
| Logo | The URL for the collaboration logo | - | - | (value: URL logo) | (Group Core) | Collaboration logo |
| SBS UI URL | The URL to the collaboration in the SBS UI | - | - | (value: URL sbs_url) | (Group Core) | n/a |
The LDAP directory structure references the LDAP tree available to an application.
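Per the Status row above, a user who logs in via SAML or OIDC is always "active", but a backend that reads users from LDAP also sees "expired" ones and has to check voPersonStatus itself before installing their sshPublicKey values. The following is an added example, not SRAM code: it assumes each LDAP entry has already been fetched as a dict of attribute name to list of strings, the key-type allow-list and uid pattern are local policy choices, and the sample entries are constructed.

```python
import re

# Assumptions (local policy, not SRAM rules): accepted key types and uid pattern.
ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
UID_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def first(entry, attr):
    """Return the first value of an LDAP attribute, or None if it is absent."""
    values = entry.get(attr) or []
    return values[0] if values else None


def authorized_keys(entries):
    """Return ({uid: [keys]}, [(uid, reason skipped)]) for LDAP user entries.
    Each entry is a dict of LDAP attribute name -> list of string values.
    Only voPersonStatus == "active" passes, so "expired" users and entries
    without a status get no keys (fail closed).
    """
    result, skipped = {}, []
    for entry in entries:
        uid = first(entry, "uid")
        if uid is None or not UID_RE.fullmatch(uid):
            skipped.append((uid, "invalid uid"))
            continue
        if first(entry, "voPersonStatus") != "active":
            skipped.append((uid, "not active"))
            continue
        keys = []
        for raw in entry.get("sshPublicKey", []):
            parts = raw.split()
            # Expect "<type> <base64> [comment]"; a leading options field
            # (command=..., from=...) fails the type check and is rejected.
            if len(parts) >= 2 and parts[0] in ALLOWED_KEY_TYPES:
                keys.append(" ".join(parts[:2]))
        if keys:
            result[uid] = keys
        else:
            skipped.append((uid, "no usable key"))
    return result, skipped


# Constructed sample entries, not real SRAM data.
SAMPLE = [
    {"uid": ["jdoe"], "voPersonStatus": ["active"], "sshPublicKey": ["ssh-ed25519 AAAAC3ConstructedKey1 jdoe@laptop"]},
    {"uid": ["asmith"], "voPersonStatus": ["expired"], "sshPublicKey": ["ssh-ed25519 AAAAC3ConstructedKey2"]},
    {"uid": ["../root"], "voPersonStatus": ["active"], "sshPublicKey": ["ssh-ed25519 AAAAC3ConstructedKey3"]},
    {"uid": ["bkey"], "voPersonStatus": ["active"], "sshPublicKey": ['command="/bin/sh" ssh-rsa AAAAB3ConstructedKey4']},
]
```

Calling `authorized_keys(SAMPLE)` keeps only the key for `jdoe`; the skipped list records why each other entry was dropped, which is worth logging on every sync.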
SCIM Schemas: