Search

Support Desk, 792-9700
   helpdesk@musc.edu

Identity Management
Documents
   IdAM Overview
   IdAM Charter (pdf)
   IdAM Standards
   Glossary
What's Next?
    Role Based Access
   
AuthLDAP
    Basic Setup

CAS
   Introduction & Info NEW!

NetID
   NetID Overview
   Managing Your Account
   Step-by-step Guide (pdf)
   Standards Summary
   Lookup NetID
NetID Documents:
    Catalyst Article (06/23/06)
    NetID Standards
    Good Passwords Registration Contact List

Shibboleth SSO
   Overview
   Shibboleth Wiki
   CGI Variables
   XML Maker

Related Links
   Computer Use Policy
   Information Security Policy
   Authentication Policy
   Patient Confidentiality (pdf)
   Info Services Home
   MUSC Home

   Webmaster

   Disclaimer

Shibboleth CGI Variables

Overview

After a successful authentication, Shibboleth releases certain variables back to Service Provider. These variables can be accessed just like normal CGI variables with whatever language your server supports. The wiki has examples of code in a number of languages.

A basic set of variables are released to all authenticating Service Providers. Additional variables may be released if the business need is appropriate. We do not want to release information to vendors or the like which might cause security problems in the future.

OLD SHIBBOLETH VARIABLES are denoted by red with a line-through. DO NOT use the red values for your applications. The only reason they are still being deployed is so that older Shibboleth applications will not break with this new installation.

The new attribute release values follow the eduPerson schema.

 

Released to ALL authenticating Service Providers

entitlement / Shib-EduPerson-entitlement

• What?
  • These values will be provided by Grouper. In short, this is how YOU can control access to your resource. If someone is not part of the group you have defined, they will not receive this value.
• Example:
  • urn:mace:musc.edu:entitlement:common-lib-terms;urn:mace:musc.edu:entitlement:COI_Mandatory
• Note:
  • This is a multivalued string. It will need to be tokenized around the semicolon.
• PoC:
  • John Imholz and Mitchelle Morrison are working on this project.

affiliation (scoped)

• What?
  • Affiliation specifies the person's relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.
  • You can also use "unscoped-affiliation" listed below.
• Example:
  • employee@musc.edu;member@musc.edu
• Note:
  • This is a multivalued string. It will need to be tokenized.
  • Only those values part of the eduPerson schema are released externally.
  • All MUSC affiliation types are released internally only.

eduPersonPrincipalName ( eppn )

• What?
  • This is a person's NetID with the member scope.
• Example:
  • jdoe12@musc.edu, msue44@musc.edu
• Note:
  • This is a single value string.
  • Only those values part of the eduPerson schema are released externally.
  • All MUSC affiliation types are released internally.

uid (NetID)

• What?
  • Your NetID. What you use to logon to machines at MUSC.
• Example:
  • jzs10
• Note:
  • This is a single value string.

employeeNumber / pvid / Shib-EduPerson-pvid

• What?
  • Your employee number. PVID is the MUSC term.
• Example:
  • 9000##### (where ##### is specific to you)
• Note:
  • This is a single value string.

cn / Shib-Person-commonName (Common Name)

• What?
  • The name you use in public.
• Example:
  • Joe Smith
• Note:
  • This is a single value string.

sn (Surname)

• What?
  • Your last name.
• Example:
  • Smith
• Note:
  • This is a single value string.

gn (givenName)

• What?
  • Your first name.
• Example:
  • Josh
• Note:
  • This is a single value string.

mail / Shib-InetOrgPersonMail (Email)

• What?
  • Your email address.
• Example:
  • smithj@musc.edu
• Note:
  • This is a single value string.

st (NOTE! This value is hardcoded in Shibboleth)

• What?
  • State
• Example:
  • SC
• Note:
  • This is a single value string.

c (NOTE! This value is hardcoded in Shibboleth)

• What?
  • Country
• Example:
  • US
• Note:
  • This is a single value string.

l (NOTE! This value is hardcoded in Shibboleth)

• What?
  • Locality
• Example:
  • Charleston
• Note:
  • This is a single value string.

departmentNumber

• What?
  • Department Number for MUSC
• Example:
  • 9954000
• Note:
  • This is a single value string.

ou (Organizational Unit)

• The OU value will no longer be released as many of the OUs contain ampersands which royally messes up XML files.

unscoped-affiliation / Shib-EduPerson-affiliation

• What?
  • Affiliation specifies the person's relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc. It is a scoped value which means it is suffixed with "@musc.edu". Scoping allows resource sharing across large groups of people between federation members.
• Example:
  • employee;member;
• Note:
  • This is a multivalued string. It will need to be tokenized.
  • This value IS NOT to be released externally from MUSC. The scoped value should be released