Attributes
The following is a complete list of attributes that can be returned by SSOv2 and SSOv3. There are notes against each one explaining their usage and availability. What the SSO versions really mean here is if the attribute is available from the old SSOv2 plain text interfaces or from the attributes you'd get from the User object in SSOv3. Although there is some inconsistency between attributes, the reality is that you will most likely be accessing these attributes through proper accessor methods on the User object, so the attribute names don't matter. However, you can always get at the extended original attributes through the User.getExtraProperties() method.
Attribute name | Example values | SSO version | Notes |
---|---|---|---|
firstname | Joe | SSOv2 | |
id | 9900001 | SSOv2 | University number |
lastname | Bloggs | SSOv2 | |
member | true, false | SSOv2 | Basically just if user is staff or student or not |
returnType | 1, 2, 3, 4, 51, 52, 53, 54 | SSOv2 | Status codes for the old SSOv2 plain text interfaces |
staff | true, false | SSOv2, SSOv3 | |
urn:mace:dir:attribute-def:eduPersonAffiliation | member, affiliate, alum | SSOv2, SSOv3 | Same as urn:mace:dir:attribute- def:eduPersonScopedAffiliation but without scoping |
dept | Information Technology Services, Chemistry | SSOv2 | University department this user belongs to |
deptcode | IN, CH | SSOv2 | Code for University department |
deptshort |
CELTE, IT Services |
SSOv2, SSOv3 | Shorter department name, if one exists |
joe.bloggs@warwick.ac.uk | SSOv2 | ||
warwickattendancemode | 1, F, P, YM, YO, SF, EP, EF | SSOv2, SSOv3 | F full time; P part time; YM mandatory year out; YO optional year out; SF short course full time; EP extension was part time; EF extension was full time. |
student | true, false | SSOv2, SSOv3 | |
name | Joe Bloggs | SSOv2 | Full name, combining first and last names |
urn:mace:dir:attribute-def:eduPersonTargetedID | 1onogpy7jb3wc968ehsdzasdfa1 | SSOv2, SSOv3 | Used to uniquely identifier a user on a per service basis |
token | wfnoxvndbkdyplbisciyvhnwjwjkuxrasctudvto | SSOv2 | Unique login token, only issued on requestType=2 |
valid | 43200 | SSOv2 | How long the above token is valid for in seconds |
urn:websignon:ipaddress | 137.205.255.255 | SSOv2, SSOv3 | The IP address from which the user logged in. This can be used for security checking. However the ip address could well in fact be the ip address of the server that was logging a user in, for instance SiteBuilder. Once everyone logs into the new SSOv3 login screen, this will be more reliable |
urn:websignon:loggedin | true, false | SSOv3 | |
ou | see dept | SSOv3 | see dept |
see email | SSOv3 | see mail | |
warwickuniid | see id | SSOv3 | see id |
urn:websignon:proxygrantingticket | qomldbhjqsduiqkfnlggnxwdgqpnkytxuwtnffyox | SSOv3 | Used for creating proxy tickets |
sn | see lastname | SSOv3 | see lastname |
urn:websignon:ssc | oggajxxpkpixjnvambyohulvaballnveqbhdkbgho | SSOv3 | To be used by individual services to set their Service Specific Cookie (SSC) |
dn | cn=joeblogs,ou=CU,o=Warwick | SSOv3 | Unique LDAP address, only when user is from LDAP |
cn | see user | SSOv3 | see user |
warwickdeptcode | see deptcode | SSOv3 | see deptcode |
givenName | see firstname | SSOv3 | see firstname |
warwickyearofstudy | 1, 2, 3, 4 | SSOv2, SSOv3 | If the user is a student, which year they are in |
warwickfinalyear | Y, N | SSOv2, SSOv3 | Is the student in their final year? |
warwickcategory | U, T, R, F | SSOv2, SSOv3 | U undergraduate; T taught postgraduate; R research postgraduate; F foundation |
warwickcoursecode | GV17, C700 | SSOv2, SSOv3 | This is the 4-character route code eg C700 biochemistry. There are 1466 such codes |
warwickenrolementstatus | F, P, 1, 2, M, G, R, E, T, Y, L | SSOv2, SSOv3 | F fully registered; P permanently withdrawn; 1 expected to enrol; 2 expected to re-enrol; M mandatory year abraod; G resitting without residence; R restrating next year; E in extension; T temporarily withdrawn; Y reciprocal exchange year; L limbo |
logindisabled | true, false | SSOv2, SSOv3 | Is this user actually able to login. You will be able to get details of this account, but the user will not be able to login because it has expired, been disabled or similar. |
urn:websignon:usersource | WarwickNDS, WBSAlumni, WarwickExtUsers, WarwickGradAssoc | SSOv2, SSOv3 | Newly added with release of SSOv3, but available in SSOv2 interfaces as well |
urn:mace:dir:attribute-def:eduPersonScopedAffiliation | member@warwick.ac.uk, affiliate@warwick.ac.uk, alum@warwick.ac.uk | SSOv2, SSOv3 | Basically signifies where the user came from. A member@warwick.ac.uk is a true Warwick person, but affiliate and alum are not full members, probably from a different user source |
user | cusyac, testuser | SSOv2, SSOv3 | The user code of this user |
warwickstatuscode | C, P, PD | SSOv2, SSOv3 | C (Current); P(permanently withdrawn); PD (permanently withdrawn in debt) |