IdP Metadata & Logout URLs

Pre-production SP to IdP configuration:

  • https://shib-test.bu.edu/idp/shibboleth
  • SLO: https://shib-test.bu.edu/idp/logout.jsp

Production configuration:

  • https://shib.bu.edu/idp/shibboleth
  • SLO: https://shib.bu.edu/idp/logout.jsp

Authorization Attributes

| Feature & Attribute Names | Description/Options | OIDs (if needed): eduPerson, inetOrgPerson, rfc4519 |
|---|---|---|
| | Permissible values (multi): faculty, student, staff, alum, member, affiliate, employee, library-walk-in | 1.3.6.1.4.1.5923.1.1.1.1 |
| | Requires project to populate. | 1.3.6.1.4.1.5923.1.1.1.7 |
| | Not currently available for release. | 1.3.6.1.4.1.5923.1.1.1.2 |
| | Populated using “o”, with BU domain information | 1.3.6.1.4.1.5923.1.1.1.3 |
| | Permissible values (scalar): faculty, student, staff, alum, member, affiliate, employee, library-walk-in | 1.3.6.1.4.1.5923.1.1.1.5 |
| eduPersonPrincipalName (aka ePPN) | Typical value: @bu.edu | 1.3.6.1.4.1.5923.1.1.1.6 |
| | Permissible values (multi): @bu.edu | 1.3.6.1.4.1.5923.1.1.1.9 |
| eduPersonTargetedID | Released by default. | 1.3.6.1.4.1.5923.1.1.1.10 |
| | First Name; includes middle name or abbreviations if available. | 2.5.4.42 |
| | Full Name | 2.5.4.3 |
| | Last Name | 2.5.4.4 |
| | BU login name (multi); includes aliases if defined. | 0.9.2342.19200300.100.1.1 |
| | Contact Sponsor, HR and OUR data trustee for required approval. | 2.16.840.1.113730.3.1.3 |
| mail | BU email address. This is empty if record has RESTRICT’ed email or login name. | 0.9.2342.19200300.100.1.3 |
| OrganizationName | This is currently populated using BU’s PH:Department attribute which is designed for White Pages consumption, not for programs. | 2.5.4.10 |
| | Deprecated. Shibboleth capable SP’s should use ePPN. Release only if specified by Applications Architecture; this is sometimes needed by SAML (not Shibboleth) SP applications. | 2.5.4.10 |
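
An added example, not part of the original page or BU's own code: a check an SP could run on the attributes it receives, using the permissible affiliation values and the bu.edu scope listed above. It assumes attributes arrive as a dict keyed by `urn:oid:` names, that the local part of a scoped affiliation is one of the listed affiliation values, and that ePPN is single-valued as in the eduPerson schema; the function names and sample values are constructed for illustration.

```python
# Added example: SP-side sanity checks on attributes released by the IdP.
# Assumption: attributes arrive as {name: [values]} with urn:oid: names.

PERMITTED = {"faculty", "student", "staff", "alum", "member",
             "affiliate", "employee", "library-walk-in"}   # from the table
SCOPE = "bu.edu"                                            # from "@bu.edu"

# OIDs from the table; comments give the eduPerson schema names for them.
AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"          # eduPersonAffiliation
PRIMARY_AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.5"  # eduPersonPrimaryAffiliation
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"                 # eduPersonPrincipalName
SCOPED_AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"   # eduPersonScopedAffiliation


def split_scoped(value):
    """Return (local, scope) for 'local@scope', or None if malformed."""
    local, sep, scope = value.partition("@")
    if not sep or not local or not scope or "@" in scope:
        return None
    return local, scope


def check_release(attrs):
    """Return a list of problems found in one user's released attributes."""
    problems = []
    for name in (PRIMARY_AFFILIATION, EPPN):         # single-valued attributes
        if len(attrs.get(name, [])) > 1:
            problems.append(f"{name}: more than one value")
    for name in (AFFILIATION, PRIMARY_AFFILIATION):
        for v in attrs.get(name, []):
            if v not in PERMITTED:
                problems.append(f"{name}: unexpected value {v!r}")
    for name in (EPPN, SCOPED_AFFILIATION):
        for v in attrs.get(name, []):
            parts = split_scoped(v)
            if parts is None or parts[1] != SCOPE:   # exact match, not a suffix test
                problems.append(f"{name}: scope is not {SCOPE} in {v!r}")
            elif name == SCOPED_AFFILIATION and parts[0] not in PERMITTED:
                problems.append(f"{name}: unexpected value {v!r}")
    return problems


# Constructed sample inputs (not real BU data).
GOOD = {EPPN: ["jdoe@bu.edu"], AFFILIATION: ["staff", "member"],
        PRIMARY_AFFILIATION: ["staff"], SCOPED_AFFILIATION: ["staff@bu.edu"]}
BAD = {EPPN: ["jdoe@bu.edu.example.org"], AFFILIATION: ["admin"],
       PRIMARY_AFFILIATION: ["staff", "student"],
       SCOPED_AFFILIATION: ["root@bu.edu"]}

if __name__ == "__main__":
    print(check_release(GOOD))
    print("\n".join(check_release(BAD)))
```

The scope comparison is an exact string match, so a value such as `jdoe@bu.edu.example.org` is rejected rather than accepted on a prefix.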