Cliquez ici pour la version française
How to receive the European Student Identifier (ESI) for an SP
1. Purpose of the document
This datasheet describes the steps required for a Service Provider (SP) to receive the European Student Identifier (ESI) from Identity Providers (IdPs).
2. Modus Operandi
In order for a Service Provider (SP) to receive the European Student Identifier (ESI), the following actions must be performed from the federation registry :
- Explicitly request the
schacPersonalUniqueCode
attribute for its SP ; - Declare its SP compliant with the ESI specification;
- Submit the changes.
Step 1 : Request the ''SchacPersonalUniqueCode'' attribute
In creation or edition mode, go to the tab Requested attributes
and add the attribute schacPersonalUniqueCode
in the list of user attributes required by the service provider:
Step 2 : Declare its SP compliant with the ESI specification
Then go to the Compliance
tab and declare the SP compliant with the ESI specification by checking the corresponding box:
Step 3 : Submit changes
Finally, go to the Submission
tab and submit the previous changes.
After a delay in processing by the federation registry, these changes will then be published automatically in the metadata of the service provider. The schacPersonaluniqueCode
attribute should thus be present in the list of requested attributes as well as the ESI tag, as illustrated in the metadata extract below:
... <!-- tag ESI--> <mdattr:EntityAttributes> <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue> https://myacademicid.org/entity-categories/esi</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes> ... <!-- Attribut schacPersonalUniqueCode obligatoire (isRequired="true")--> <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" Name="urn:oid:1.3.6.1.4.1.25178.1.2.14" FriendlyName="schacPersonalUniqueCode"> </RequestedAttribute> ...
This information published in the SAML metadata can then be used by Identity Providers to configure the automatic release of ESI according to the presence (or not) of this tag.