Available Attributes for Applications
The below attributes are commonly requested by CAS/SAML/LDAP applications. Developers can request these attributes of authenticated users to be released to their applications (based on business needs) when they apply to register their applications for CAS/SAML/LDAP authentication. Additionally, please note that other attributes may be available based upon business need.
The attributes “employeeType” and "ou" will be obsolete and removed after 31 Dec 2020. Developers should replace this attribute with either “eduPersonAffiliation” or “voPersonAffiliation”, based on the application requirement on the user description. The attribute "eduPersonAffiliation" provides simple user description while the attribute "voPersonAffiliation" allows finer-grained description of users' relationship with HKUST.
|
Attribute |
Description and example |
|
uid |
ITSC network account name |
|
sn |
Surname |
|
givenName |
Given name |
|
cn (name) |
Fullname |
|
|
Email address |
|
departmentNumber |
Department code of the account belongs (e.g. ITSC, ISO, etc) |
|
employeeType |
See the above change. Use eduPersonAffiliation or voPersonAffiliation instead |
|
eduPersonPrincipalName |
Scoped identifier for a user as defined in eduPerson objectclass. This attribute is popular for applications in the research and academic area |
|
eduPersonAffiliation |
User's relationship(s) to the institution as defined in eduPerson objectclass. The permissible values are: faculty, staff, student, alum, member, affiliate, employee, library-walk-in. Please check here for our usage. |
|
voPersonAffiliation |
Defined in voPerson objectclass which is used alongside the eduPerson objectclass. An organization-specific affiliation, intended to parallel but expand upon eduPersonAffiliation, allowing for finer grained descriptions of affiliations. Please check here for our usage. |