1. Service Centre
  2. Authentication Systems
  3. Single Sign-On Authentication

WAYF Authentication

Mr. WISEflow
Updated

WAYF is an authentication system usable with WISEflow. It uses organisational ID and optionally national ID. This method of authentication is administered by the institution. 

WAYF authentication features:

When a user authenticates successfully through the institution, they will be granted access to an existing user with that ID.

WAYF.png

When a user authenticates successfully through the institution and no user with the ID exists in WISEflow, WISEflow creates a user for them with the given ID and information.

When a user authenticates successfully through the institution authentication system, we enrich the user holding the organisational ID in WISEflow with the following information:

  • First name
  • Last name
  • Organisational ID
  • National ID
  • E-mail
  • User role (Student → Participant, Staff → Assessor)

When a user authenticates successfully through WAYF, the following attributes will be linked to the user's information: 

Name WAYF Attribute URN:OID Required From IDP
Last Name sn urn:oid:2.5.4.4 True
First Name gn

displayName

 urn:oid:2.5.4.42 True
Nickname cn urn:oid:2.5.4.3 True
National Unique ID*

schacPersonalUniqueID

norEduPersonNIN

urn:oid:
1.3.6.1.4.1.25178.1.2.15

 False
The user's role at the identity provider's domain

eduPersonScopedAffiliation

eduPersonAffiliation

urn:oid:
1.3.6.1.4.1.5923.1.1.1.9

 False
Organisation**

schacHomeOrganization

eduPersonOrgDN

urn:oid:
1.3.6.1.4.1.25178.1.2.9

 True
Student Number*

norEduPersonLIN

urn:oid:
1.3.6.1.4.1.2428.90.1.4

 False

Unique Organisation ID

 eduPersonPrincipalName urn:oid:
1.3.6.1.4.1.5923.1.1.1.6		 True

Email*

 mail urn:oid:
0.9.2342.19200300.100.1.3		 False***

The user's primary affiliation with home organisation

 eduPersonPrimaryAffiliation urn:oid:
1.3.6.1.4.1.5923.1.1.1.5		 True

*A user in WISEflow can have multiple national IDs, student numbers and emails

**If organisation is not present, it is set from eduPersonPrincipleName

***Email is required if the WISEflow licence is set up to create users directly from WAYF

See this link for further information on WAYF: WAYF-WISEflow documentation

Clarification on isRequired Attributes in WAYF documentation

Even if an attribute is marked as isRequired in the WAYF documentation, it is not technically required by WAYF. The attribute will be processed if received, but the system does not depend on its presence to function.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section