JA T3 Framework

Fast. Flexible. Powerful


The correct eduPersonPrimaryAffiliation in SimpleSAMLphp

How to provide the correct eduPersonPrimaryAffiliation in SimpleSAMLphp

If you are using LDAP or AD and you do not store the primary affiliation of your users, you can usually use the 'dn' or 'distinguishedName' of the user to supply the attribute.

Usually your dn will look something like this 'ou=xxx,ou=Staff,dn=xxx,dn=xxx'. You should configure the AttributAlter filter in the configuration array:

80 => array(
    'class' => 'core:AttributeAlter',
    'pattern' => '/ou=Staff/',
    'replacement' => 'staff',
    'subject' => 'distinguishedName',
85 => array(
    'class' => 'core:AttributeMap',
    'distinguishedName' => 'eduPersonPrimaryAffiliation'

The numbers, 80 and 85, may be different depending on the current setup. Remember to change the 'pattern' so it searches for the correct string. This depends on how your local setup is. You should set up a AttributeAlter filter for each type of user you have in your local setup, i.e. student, faculty, staff. See the eduPersonPrimaryAffiliation description for allowed values.

WAYF – Where Are You From
Asmussens Allé, bygning 305
2800 Kgs. Lyngby


You are here