eduPersonPrincipalName
| dev |
|---|
eduPersonPrincipalName, also commonly referred to as ePPN, is the identifier of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain.
Remark
Because of its ubiquity (all logged in users have logon IDs), ePPN is often used as the key identifier in local applications. However, application developers should remember that ePPN is not guaranteed to be unique and persistent over time. At UCLA, a person's logon ID may change over time. In addition, while it is not currently done, logon ID may be reassigned in the future. If your application requires a unique, persistent identifier, please use eduPersonTargetedID or uclaPPID instead.
eduPersonPrincipalName is a calculated attribute based on data in the Enterprise Directory. It takes the form of:
<uclaLogonID>@ucla.edu
for example, a user with the logon ID "joebruin" has an ePPN of:
joebruin@ucla.edu
Note: While it looks similar, an ePPN is not an email address. Having an ePPN does not necessarily mean that person has an email address of the same value.
Release Policy
UCLA does not by default release this attribute to service providers. Each service provider is required to submit a request for data access and is subject to data privacy review from campus data stewards.
For additional information, please contact Albert Wu
See Also
The Official eduPerson Object Class Definition
eduPersonTargetedID
Usage
This is the usage of this attribute in the attribute-map.xml file. For more information about Mapping the attribute please visit Shibboleth wiki.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="SHIBEDUPERSONPRINCIPALNAME"> <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> </Attribute> |