Cliquez ici pour la version française

How to receive the European Student Identifier (ESI) for an SP

Warning : the feature described in this datasheet is not available at the moment. It will only be available with the next version of the federation registry (V3.2)

1. Purpose of the document

This datasheet describes the steps required for a Service Provider (SP) to receive the European Student Identifier (ESI) from Identity Providers (IdPs).

2. Modus Operandi

In order for a Service Provider (SP) to receive the European Student Identifier (ESI), the following actions must be performed from the federation registry :

  1. Explicitly request the schacPersonalUniqueCode attribute for its SP ;
  2. Declare its SP compliant with the ESI specification;
  3. Submit the changes.

Step 1 : Request the ''SchacPersonalUniqueCode'' attribute

In creation or edition mode, go to the tab Requested attributes and add the attribute schacPersonalUniqueCode in the list of user attributes required by the service provider:

Step 2 : Declare its SP compliant with the ESI specification

Then go to the Compliance tab and declare the SP compliant with the ESI specification by checking the corresponding box:

Before declaring your SP compliant with the ESI specification, ensure that it is eligible and meets all the requirements listed.

Step 3 : Submit changes

Finally, go to the Submission tab and submit the previous changes.

After a delay in processing by the federation registry, these changes will then be published automatically in the metadata of the service provider. The schacPersonaluniqueCode attribute should thus be present in the list of requested attributes as well as the ESI tag, as illustrated in the metadata extract below:

...
<!-- tag ESI-->
<mdattr:EntityAttributes> 
   <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue> https://myacademicid.org/entity-categories/esi</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
...
<!-- Attribut schacPersonalUniqueCode obligatoire (isRequired="true")-->
<RequestedAttribute
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
   isRequired="true"
   Name="urn:oid:1.3.6.1.4.1.25178.1.2.14"
   FriendlyName="schacPersonalUniqueCode">
</RequestedAttribute>
...

This information published in the SAML metadata can then be used by Identity Providers to configure the automatic release of ESI according to the presence (or not) of this tag.