Values for connecting your application to IU Login with the SAML protocol

Use this information when setting up SAML authentication at Indiana University:

Note:
If you're setting up a service provider within your own application, follow the instructions in Connect to IU Login with the SAML protocol. If you're setting up a vended product, you'll most likely complete a form provided by the product's vendor with the following information.
  • Organization information:
    • Admin: ithelp@iu.edu
  • Identity provider:
    • Production environment:
      • Entity ID: https://idp.login.iu.edu/idp/shibboleth
      • Metadata (URL directs to a file without an expiration date): https://idp.login.iu.edu/idp/shibboleth
      • MDQ Metadata (URL directs to a file that expires two weeks after the download date): https://mdq.incommon.org/entities/https%3A%2F%2Fidp.login.iu.edu%2Fidp%2Fshibboleth
      • Logout URL: https://idp.login.iu.edu/idp/profile/Logout
    • Pre-production environment:
      • Entity ID: https://idp-stg.login.iu.edu/idp/shibboleth
      • Metadata: https://idp-stg.login.iu.edu/idp/shibboleth
      • Logout URL: https://idp-stg.login.iu.edu/idp/profile/Logout
    • The metadata query (MDQ) service removes unnecessary metadata clutter for your service by only loading necessary metadata from InCommon. This is accomplished by querying the InCommon MDQ service on demand for a specific entity. To learn more, see Introducing per-entity metadata service. The MDQ service provides bulk aggregates for all entities, or just identity providers if your service cannot query by entity.
      • Metadata aggregate (all entities): https://mdq.incommon.org/entities
      • Metadata aggregate (IdP-only): https://mdq.incommon.org/entities/idps/all

Attribute names

Attribute Friendly name SAML 2 name Description
givenName givenName urn:oid:2.5.4.42 First name
Example: Johnny
sn sn urn:oid:2.5.4.4 Last name
Example: Doe
displayName displayName urn:oid:2.16.840.1.113730.3.1.241 Full name
Example: Johnny Doe
mail mail urn:oid:0.9.2342.19200300.100.1.3 Primary email address
Example: johnnydo@iu.edu
uid uid urn:oid:0.9.2342.19200300.100.1.1 Username Examples:
username (johnnydo) for IU users

username@iuhealth.org for IUH users

9#########@guest.iu.edu for guest accounts
eduPersonPrincipalName eduPersonPrincipalName urn:oid:1.3.6.1.4.1.5923.1.1.1.6 See REFEDS eduPerson specification
Example: johnnydo@iu.edu
eduPersonAffiliation eduPersonAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.1 See REFEDS eduPerson specification
Examples: student, staff, or faculty
eduPersonScopedAffiliation eduPersonScopedAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 See REFEDS eduPerson specification
Examples: staff@iu.edu or student@iu.edu
eduPersonEntitlement eduPersonEntitlement urn:oid:1.3.6.1.4.1.5923.1.1.1.7 See REFEDS eduPerson specification
UniversityID universityid urn:mace:dir:attribute-def:universityid University ID Example:
0123456789

Attributes that require Data Steward approval

The following attributes require Data Steward approval for application integration and release.

Attribute Friendly name SAML 2 name Description
eduPersonScopedAffiliation eduPersonScopedAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 See REFEDS eduPerson specification
Examples: staff@iu.edu or student@iu.edu
eduPersonEntitlement eduPersonEntitlement urn:oid:1.3.6.1.4.1.5923.1.1.1.7 See REFEDS eduPerson specification
UniversityID universityid urn:mace:dir:attribute-def:universityid University ID Example:
0123456789

This is document bdgs in the Knowledge Base.
Last modified on 2024-07-03 15:48:01.