Values for connecting your application to IU Login with the SAML protocol
Use this information when setting up SAML authentication at Indiana University:
Note:
If you're setting up a service provider within your own application, follow the instructions in Connect to IU Login with the SAML protocol. If you're setting up a vended product, you'll most likely complete a form provided by the product's vendor with the following information.
- Organization information:
- Admin:
ithelp@iu.edu
- Admin:
- Identity provider:
- Production environment:
- Entity ID:
https://idp.login.iu.edu/idp/shibboleth - Metadata (URL directs to a file without an expiration date):
https://idp.login.iu.edu/idp/shibboleth - MDQ Metadata (URL directs to a file that expires two weeks after the download date):
https://mdq.incommon.org/entities/https%3A%2F%2Fidp.login.iu.edu%2Fidp%2Fshibboleth - Logout URL:
https://idp.login.iu.edu/idp/profile/Logout
- Entity ID:
- Pre-production environment:
- Entity ID:
https://idp-stg.login.iu.edu/idp/shibboleth - Metadata:
https://idp-stg.login.iu.edu/idp/shibboleth - Logout URL:
https://idp-stg.login.iu.edu/idp/profile/Logout
- Entity ID:
- The metadata query (MDQ) service removes unnecessary metadata clutter for your service by only loading necessary metadata from InCommon. This is accomplished by querying the InCommon MDQ service on demand for a specific entity. To learn more, see Introducing per-entity metadata service. The MDQ service provides bulk aggregates for all entities, or just identity providers if your service cannot query by entity.
- Metadata aggregate (all entities):
https://mdq.incommon.org/entities - Metadata aggregate (IdP-only):
https://mdq.incommon.org/entities/idps/all
- Metadata aggregate (all entities):
- Production environment:
Attribute names
| Attribute | Friendly name | SAML 2 name | Description |
|---|---|---|---|
givenName |
givenName |
urn:oid:2.5.4.42 |
First name Example: Johnny |
sn |
sn |
urn:oid:2.5.4.4 |
Last name Example: Doe |
displayName |
displayName |
urn:oid:2.16.840.1.113730.3.1.241 |
Full name Example: Johnny Doe |
mail |
mail |
urn:oid:0.9.2342.19200300.100.1.3 |
Primary email address Example: johnnydo@iupui.edu |
uid |
uid |
urn:oid:0.9.2342.19200300.100.1.1 |
Username Examples: username ( johnnydo) for IU usersusername@iuhealth.org for IUH users9#########@guest.iu.edu for guest accounts
|
eduPersonPrincipalName |
eduPersonPrincipalName |
urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
See REFEDS eduPerson specification Example: johnnydo@iu.edu |
eduPersonAffiliation |
eduPersonAffiliation |
urn:oid:1.3.6.1.4.1.5923.1.1.1.1 |
See REFEDS eduPerson specification Examples: student, staff, or faculty |
eduPersonScopedAffiliation |
eduPersonScopedAffiliation |
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
See REFEDS eduPerson specification Examples: staff@iu.edu or student@iu.edu |
eduPersonEntitlement |
eduPersonEntitlement |
urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
See REFEDS eduPerson specification |
UniversityID |
universityid |
urn:mace:dir:attribute-def:universityid |
University ID Example: 0123456789 |
Attributes that require Data Steward approval
The following attributes require Data Steward approval for application integration and release.
| Attribute | Friendly name | SAML 2 name | Description |
|---|---|---|---|
eduPersonScopedAffiliation |
eduPersonScopedAffiliation |
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
See REFEDS eduPerson specification Examples: staff@iu.edu or student@iu.edu |
eduPersonEntitlement |
eduPersonEntitlement |
urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
See REFEDS eduPerson specification |
UniversityID |
universityid |
urn:mace:dir:attribute-def:universityid |
University ID Example: 0123456789 |
This is document bdgs in the Knowledge Base.
Last modified on 2024-02-05 11:27:31.