OIDC Claims <-> SAML attributes
Identifier Properties
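
| SAML Identifiers | Reassigned? | Opaque? | Persistent? | Per SP? |
|---|---|---|---|---|
| eduPersonPrincipalName | M | N | Y | N |
| eduPersonUniqueId | N | Y | Y | N |
| eduPersonTargetedID | N | Y | Y | Y |
| (the same as) | | | | |
| SAML2 Persistent NameID | N | Y | Y | Y |
| SAML transient Name ID | Y | Y | N | N |

| OIDC Sub claims | Reassigned? | Opaque? | Persistent? | Per SP? |
|---|---|---|---|---|
| public | N | M | Y | N |
| Pairwise | N | Y | Y | Y |
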
Note that a pairwise sub may also be the same for "a group of Web sites under single administrative control":
http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
http://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation

Mapping SAML -> OIDC public sub Claim: What SAML identifiers can I use to create an OIDC public claim?

| SAML Identifiers | Reassigned? | Opaque? | Persistent? | Per SP? | Issue |
|---|---|---|---|---|---|
| eduPersonPrincipalName | M | N | Y | N | OIDC sub may not be reassigned |
| eduPersonUniqueId | N | Y | Y | N | |
| eduPersonTargetedID | N | Y | Y | Y | public sub must not change per RP |
| SAML2 Persistent NameID | N | Y | Y | Y | public sub must not change per RP |
| SAML transient Name ID | Y | Y | N | N | OIDC sub may not be reassigned |

| OIDC Sub claims | Reassigned? | Opaque? | Persistent? | Per SP? |
|---|---|---|---|---|
| public | N | M | Y | N |

Mapping OIDC public sub Claim -> SAML: What SAML identifiers can be created from an OIDC public claim?

| SAML Identifiers | Reassigned? | Opaque? | Persistent? | Per SP? | Issue |
|---|---|---|---|---|---|
| eduPersonPrincipalName | M | N | Y | N | |
| eduPersonUniqueId | N | Y | Y | N | |
| eduPersonTargetedID | N | Y | Y | Y | public sub claim is not issued per SP |
| SAML2 Persistent NameID | N | Y | Y | Y | public sub claim is not issued per SP |
| SAML transient Name ID | Y | Y | N | N | transient properties may be implemented by proxy |

| OIDC Sub claims | Reassigned? | Opaque? | Persistent? | Per SP? |
|---|---|---|---|---|
| public | N | M | Y | N |

Mapping SAML -> OIDC pairwise sub Claim: What SAML identifiers can I use to create an OIDC pairwise claim?

For simplicity it is assumed there is only one Web site under single administrative control.

| SAML Identifiers | Reassigned? | Opaque? | Persistent? | Per SP? | Issue |
|---|---|---|---|---|---|
| eduPersonPrincipalName | M | N | Y | N | OIDC sub may not be reassigned |
| eduPersonUniqueId | N | Y | Y | N | |
| eduPersonTargetedID | N | Y | Y | Y | |
| SAML2 Persistent NameID | N | Y | Y | Y | |
| SAML transient Name ID | Y | Y | N | N | OIDC sub may not be reassigned |

| OIDC Sub claims | Reassigned? | Opaque? | Persistent? | Per SP? |
|---|---|---|---|---|
| pairwise | N | Y | Y | Y |

Mapping OIDC pairwise sub Claim -> SAML: What SAML identifiers can be created from an OIDC pairwise claim?

For simplicity it is assumed there is only one Web site under single administrative control.

| SAML Identifiers | Reassigned? | Opaque? | Persistent? | Per SP? | Issue |
|---|---|---|---|---|---|
| eduPersonPrincipalName | M | N | Y | N | Technically an opaque pairwise claim can be used, but this may be very unfriendly to end users, as ePPNs may be displayed to them |
| eduPersonUniqueId | N | Y | Y | N | pairwise sub is unique per RP |
| eduPersonTargetedID | N | Y | Y | Y | |
| SAML2 Persistent NameID | N | Y | Y | Y | |
| SAML transient Name ID | Y | Y | N | N | |

| OIDC Sub claims | Reassigned? | Opaque? | Persistent? | Per SP? |
|---|---|---|---|---|
| pairwise | N | Y | Y | Y |
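
The SAML -> pairwise mapping and the sector identifier note above, worked through as an added example (not part of the original sheet): a proxy derives a pairwise sub from eduPersonUniqueId, which the table lists without an issue. The HMAC construction, the demo key, the identifier value and the RP host names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed demo key. A real proxy keeps this secret and stable: changing it
# changes every pairwise sub already issued, which breaks "Persistent? = Y".
PROXY_SECRET = b"constructed-demo-secret"


def sector_identifier(redirect_uris, sector_identifier_uri=None):
    """Return the host that scopes a pairwise sub (OIDC Core, SubjectIDTypes)."""
    if sector_identifier_uri is not None:
        parts = urlsplit(sector_identifier_uri)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("sector_identifier_uri must be an https URL")
        # Not done here: fetching the JSON document at this URL and checking
        # that it lists every redirect_uri (SectorIdentifierValidation).
        return parts.hostname
    hosts = {urlsplit(uri).hostname for uri in redirect_uris}
    if len(hosts) != 1 or None in hosts:
        # Several hosts without a sector_identifier_uri: the sub would depend
        # on which redirect_uri was used, so registration has to fail.
        raise ValueError("multiple hosts: sector_identifier_uri required")
    return hosts.pop()


def pairwise_sub(local_id, sector, key=PROXY_SECRET):
    """Derive an opaque, persistent, per-sector sub from a stable identifier."""
    # Length-prefix the sector so two (sector, id) pairs cannot build the same message.
    msg = f"{len(sector)}:{sector}|{local_id}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


# Constructed inputs: one eduPersonUniqueId value and three hypothetical RPs.
UNIQUE_ID = "28c5353b8bb34984a8bd4169ba94c606@example.org"
WIKI = sector_identifier(["https://wiki.example.net/cb"])
# Two sites under one administration share a sector through sector_identifier_uri.
SHOP_A = sector_identifier(["https://a.example.com/cb"], "https://id.example.com/sector.json")
SHOP_B = sector_identifier(["https://b.example.com/cb"], "https://id.example.com/sector.json")

if __name__ == "__main__":
    for name, sector in (("wiki", WIKI), ("shop_a", SHOP_A), ("shop_b", SHOP_B)):
        print(name, sector, pairwise_sub(UNIQUE_ID, sector))
```

Feeding eduPersonPrincipalName or a transient NameID into `pairwise_sub` would carry their reassignment property into the sub, which is the issue the table records for those two rows.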