I'm working on SSO with SAML2 and keep finding this spec coming up for users, primarily from education and research organisations and to do with LDAP user storage on the IdP.

I'm not necessarily holding users to do with education, and have SQL storage of users. I was looking for a spec on users to improve future compatibility with other federations and from that will add any custom attributes needed.

I feel like my research may be biased as I find this unexpected.

Is this really the generic user most IdPs/SPs expect?

  • eduPerson is widely used across federations. If you need user attributes that are "generic", you could "translate" the incoming eduPerson attributes to a "neutral" attribute name suitable for your research. e.g. SAML is middleware so in theory you shouldn't know what the attributes are once the SP has ingested them – codebrane Mar 08 '20 at 09:28
  • There isn't one - attributes vary widely between apps. The [higher education / academia research space](https://refeds.org/specifications) with _eduPerson_ et al is the closest to a standard but even there there are plenty of institutions that do not adhere to it. – identigral Mar 09 '20 at 02:37
  • by "neutral" I mean create your own one to isolate all SPs from your research process and map all incoming attributes to that neutral schema – codebrane Mar 09 '20 at 15:33
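
The mapping to a "neutral" schema suggested in the comments could look like the sketch below at the SP. This is an added example, not code from the question or the commenters. The neutral names, the `to_neutral` and `in_scope` helpers, the sample statement and the scope allow-list are assumptions, and the assertion is assumed to have already passed signature validation in the SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Wire name (OID URN) -> (neutral name, multi-valued?). Neutral names are this example's choice.
NEUTRAL_MAP = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ("user_id", False),   # eduPersonPrincipalName
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": ("roles", True),      # eduPersonScopedAffiliation
    "urn:oid:0.9.2342.19200300.100.1.3": ("email", False),    # mail
}
SCOPED = {"user_id", "roles"}  # values of the form local@scope, asserted by the IdP

# Constructed sample AttributeStatement (not taken from a real IdP).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
  <saml:AttributeValue>alice@uni.example</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
  <saml:AttributeValue>member@uni.example</saml:AttributeValue>
  <saml:AttributeValue>staff@other.example</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
  <saml:AttributeValue>alice@mail.example</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:2.5.4.4">
  <saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

def in_scope(value, allowed_scopes):
    """True only for local@scope values whose scope this IdP may assert."""
    local, at, scope = value.rpartition("@")
    return bool(local and at) and scope in allowed_scopes

def to_neutral(statement_xml, allowed_scopes):
    """Map an AttributeStatement to the neutral schema; unmapped names are dropped."""
    user = {}
    for attr in ET.fromstring(statement_xml).findall("saml:Attribute", NS):
        mapping = NEUTRAL_MAP.get(attr.get("Name"))
        if mapping is None:
            continue  # allow-list: unknown attributes never reach the application
        name, multi = mapping
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        if name in SCOPED:
            values = [v for v in values if in_scope(v, allowed_scopes)]
        if not values or (not multi and len(values) != 1):
            continue  # empty or ambiguous single-valued attribute: skip it
        user[name] = values if multi else values[0]
    return user

if __name__ == "__main__":
    print(to_neutral(SAMPLE, {"uni.example"}))
```

Application code then reads only the neutral keys, so adding an IdP that uses different wire names means adding entries to the map rather than touching the application.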
