Versions Compared

Old Version 3

changes.mady.by.user Nicolas Liampotis

Saved on

compared with

New Version 4

changes.mady.by.user Ahmed Shiraz Memon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attribute DescriptionAttribute Friendly NameAttribute OIDAttribute Example Value
Persistent, non-reassigned, non-targeted identifier; this is always scoped @lifescienceid.orgeduPersonUniqueIdurn:oid:1.3.6.1.4.1.5923.1.1.1.13

ef72285491ffe53c39b75bdcef46689f5d26ddfa00312365cc4fb5ce97e9ca87@lifescienceid.org

Email addressmailurn:oid:0.9.2342.19200300.100.1.3john.doe@example.org
Display namedisplayNameurn:oid:2.16.840.1.113730.3.1.241John Doe
First namegivenNameurn:oid:2.5.4.42John
Family namesnurn:oid:2.5.4.4Doe
Assurance informationeduPersonAssuranceurn:oid:1.3.6.1.4.1.5923.1.1.1.11TBD
TBDeduPersonScopedAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.9TBD
One or more URIs (either URNs or URLs) that indicate rights to specific resources; URN values expressing group membership and role information use the urn:geant:lifescienceid.org:group namespace (see also AARC-JRA1.1A)eduPersonEntitlementurn:oid:1.3.6.1.4.1.5923.1.1.1.7

urn:geant:lifescienceid.org:group:examplegroup#perun.pilots.lifescienceid.org

urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup#perun.pilots.lifescienceid.org

urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup:role=manager#perun.pilots.lifescienceid.org

One or more ORCID researcher identifierseduPersonOrcidurn:oid:1.3.6.1.4.1.5923.1.1.1.16http://orcid.org/0000-0002-1825-0097


OIDC

OIDC Client Registration

LifeScience Authentication and Authorisation Infrastructure (LS-AAI) supports LifeScience community's OpenID Connect (OIDC) based clients or service providers. The providers are Web applications like SAML SPs. For the integration, the clients must be registered with OIDC authorisation server provided by the LS-AAI. The operators of the clients are required to provide OIDC client credentials (client id and secret) and redirect or callback URI for the successful registration.

Metadata Discovery Endpoint

The OIDC endpoints can be discovered under the following address (also called well-known URL):

https://oidc.pilot.lifescienceid.org/oauth2/.well-known/openid-configuration

Scopes and Claims (Attributes)

Scope in the LS-AAI defines what claims or user attributes the OIDC client can access. Following three standard scopes with corresponding claims are provided:

ScopeClaim (User Attribute Name)
openidsub
profile


cn

c
email
givenName
sn
eduPersonUniqueId


emailemail