Identity Provider Attributes

The following user attributes are supported by this identity provider:

Attribute Name Description Example value SAFIRE
eduPersonTargetedID Persistent pseudonymous ID (remains constant on each login, but is different for each service provider) 6a70ed71d5a84a66e4fbf8bddf1cd78af6c5b5cd No
uid Rhodes username s1700000 No
eduPersonPrincipalName Cross-institutional form of Rhodes username (usually matches eduroam username) Yes
sn Surname or family name Jørgensen Yes
givenName Given name(s), typically a legal name Benjamin Vuyo No
eduPersonNickname Preferred name or nick name (what the person is usually known as) Ben Yes
displayName Name formated for display Ben Jørgensen Yes
mail Rhodes email address Yes
employeeNumber Rhodes employee or student number (student number is not set by default) 1700000 Yes
preferredLanguage Preferred language (currently only set from login interface) en Yes
eduPersonPrimaryAffiliation Primary affiliation at Rhodes (currently eDirectory context) staff Yes
eduPersonAffiliation Affiliation(s) (currently only based on eDirectory context)
  • staff
  • member
eduPersonScopedAffiliation Institutionally scoped version of eduPersonAffiliation
isMemberOf Group membership (currently from eDirectory)
  • Information & Technology Services
  • VPN Users
o Organisation name Rhodes University No
schacHomeOrganization Machine-readable form of the organisation name Yes
schacHomeOrganizationType Machine-readable description of organisation …:int:university No


  • Note that the presence of an attribute in the list above does not imply it will be available to a service provider. We practice minimal release, and each service provider needs to justify the attributes then require.
  • Attribute names like this are released by default, and are the only attributes that do not require specific motivation.
  • Example values like this are static and set by the IdP (they do not vary from user to user)
  • Attributes are released in URN:OID format using standard OIDs (as in the sample attribute-map.xml).
  • Attributes marked Yes in the SAFIRE column are released to the South African Identity Federation when connecting to a federated service provider, and SAFIRE handle consent and manage attribute release policies on our behalf.