Available Attributes for Applications

Available Attributes for Applications

The below attributes are commonly requested by CAS/SAML/LDAP applications. Developers can request these attributes of authenticated users to be released to their applications (based on business needs) when they apply to register their applications for CAS/SAML/LDAP authentication. Additionally, please note that other attributes may be available based upon business need.

Note for upcoming changes

The attributes “employeeType” and "ou" will be obsolete and removed after 31 Dec 2020. Developers should replace this attribute with either “eduPersonAffiliation” or “voPersonAffiliation”, based on the application requirement on the user description. The attribute "eduPersonAffiliation" provides simple user description while the attribute "voPersonAffiliation" allows finer-grained description of users' relationship with HKUST.


Description and example


ITSC network account name
(No need to explicitly request in CAS as it returns as login name by default)




Given name

cn (name)



Email address


Department code of the account belongs (e.g. ITSC, ISO, etc)


See the above change. Use eduPersonAffiliation or voPersonAffiliation instead


Scoped identifier for a user as defined in eduPerson objectclass. This attribute is popular for applications in the research and academic area


User's relationship(s) to the institution as defined in eduPerson objectclass. The permissible values are: faculty, staff, student, alum, member, affiliate, employee, library-walk-in. Please check here for our usage.


Defined in voPerson objectclass which is used alongside the eduPerson objectclass. An organization-specific affiliation, intended to parallel but expand upon eduPersonAffiliation, allowing for finer grained descriptions of affiliations. Please check here for our usage.