Common Names in UTORable and Shibboleth


The UTORauth service is a hub that takes information from a collection of “Systems of Record”: the Repository of Student Information (ROSI), Human Resources Information System (HRIS), and others. These systems record a user's official (legal) name. However, University of Toronto community members can select a preferred name (display first name) which differs from their official name. While both the official name and preferred name attributes are available through UTORauth, preferred names should be used instead of legal names whenever possible.

Name Attributes in Shibboleth and UTORable

We currently provide five attributes that present a user's name: officialFirstName, displayName, givenName, sn (surname), and cn (full common name). The common name is automatically populated based on the user's given name and surname.

If the user chooses a preferred name, their givenName attribute will have the same value as their displayName. If they do not have a preferred name set, their givenName will be the same as their officialFirstName.

A user's cn is the concatenation of their givenName and sn, joined by a space. For example:

Robert Smith
displayName: Bob
officialFirstName: Robert
givenName: Bob
sn: Smith
cn: Bob Smith

Catherine Williams
no displayName
officialFirstName: Catherine
givenName: Catherine
sn: Williams
cn: Catherine Williams

Service Providers and Common Names

Most Shibboleth Service Providers (SPs) at the University of Toronto require only distinguishing attributes from UTORauth. These are attributes that are always distinct for each user, such as UTORid, eduPersonPrincipalName (ePPN), UTID or mail.

Some SPs use common names to identify or display the names of users. Names are not distinguishing attributes, because there are people who share the same givenName, surname, and cn. Do not use common names as primary keys in any datastores. Use common names only to supplement or enhance the user interface.

If your system uses common names, be prepared for them to change. Even without the displayName/cn feature, names are subject to change due to corrections or changes in the user's official name (for example, as the result of a change of gender or marital status).
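The following sketch shows one way an SP can follow this guidance. It is an added example, not code from UTORauth or the Shib Admin team: records are keyed on eduPersonPrincipalName and cn is stored only as a display value that is refreshed at each login. The UserStore class, the function names, and the example.edu ePPN values are assumptions made for illustration.

```python
from typing import Optional

def derive_names(official_first: str, sn: str, display_name: Optional[str] = None) -> dict:
    """Apply the rule described above: givenName is displayName when one is set,
    otherwise officialFirstName; cn is givenName and sn joined by a space."""
    given = display_name or official_first
    return {"givenName": given, "sn": sn, "cn": f"{given} {sn}"}

class UserStore:
    """Hypothetical SP datastore: rows keyed on ePPN, cn kept for display only."""

    def __init__(self) -> None:
        self._rows: dict = {}  # ePPN -> cn last seen

    def on_login(self, attrs: dict) -> str:
        eppn = attrs.get("eduPersonPrincipalName")
        if not eppn:
            # Never fall back to a name as the key; names are not distinguishing.
            raise ValueError("no distinguishing attribute released")
        cn = attrs.get("cn", "")
        previous = self._rows.get(eppn)
        self._rows[eppn] = cn  # refresh the display name on every login
        if previous is None:
            return "created"
        return "renamed" if previous != cn else "unchanged"

    def accounts_named(self, cn: str) -> list:
        """All keys currently displaying this cn; may be more than one person."""
        return sorted(k for k, v in self._rows.items() if v == cn)

def demo() -> list:
    # Constructed attribute sets; the ePPN values are placeholders.
    store = UserStore()
    first = {"eduPersonPrincipalName": "user1@example.edu",
             **derive_names("Robert", "Smith", "Bob")}
    second = {"eduPersonPrincipalName": "user2@example.edu",
              **derive_names("Bob", "Smith")}
    events = [store.on_login(first), store.on_login(second)]
    events.append(len(store.accounts_named("Bob Smith")))  # two people, one cn
    # user1 clears the preferred name, so cn reverts to the official first name.
    first.update(derive_names("Robert", "Smith"))
    events.append(store.on_login(first))
    events.append(store.accounts_named("Bob Smith"))
    return events

if __name__ == "__main__":
    print(demo())
```

Because the row is keyed on ePPN, the name change updates the existing record instead of creating a second account or attaching to the other "Bob Smith".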

Service Providers and Legal Names

Some services need to make use of the officialFirstName attribute. There may be legal requirements for services that produce legal documents, or which provide data to systems that produce legal documents. For example, a site that manages awards or financial transactions may need to use official names. In these cases, please send us a request for the IdP to present officialFirstName in its SAML Assertions.

Contact

For further details, email the Shib Admin team.