Configuration of U-M IdP to Allow Access
U-M IT staff members can request configuration of the U-M Shibboleth IdP to allow access to a Shibboleth-enabled application or service.
- Shibboleth Configuration Request Form (U-M Login Required)
Attribute Release If Needed (SAML Only)
In most cases, the attributes already pre-approved for release are sufficient. If necessary, U-M IT staff members can request release of additional attributes (beyond those pre-approved for release to InCommon members) to Shibboleth-enabled Service Providers.
- U-M InCommon Attribute Release Policy and Procedure
- Shibboleth Attribute Release Request Form (U-M Login Required)
Claims for OIDC
A subset of OIDC's standard claims will be supported at U-M. These will include name (given name, surname, and full name), uniqname, and email address. OIDC scopes specify which claims are released to the SP. The U-M IDP currently supports the following scopes: openid, profile, email and offline_access.
Note: claims are the OIDC equivalent of SAML's attributes.