Claims¶
Vinyl's authentication model is fundamentally claims-based. Authentication schemes, such as WS-Federation and SAML Single Sign-On (SSO) supply a set of claims about the user. Vinyl uses those claims to identify the user and update user attributes such as the user's email address. Even authentication schemes that are not inherently claims-based are treated as such by Vinyl.
Supported Claims¶
Vinyl recognizes the following claims:
| Name | Description |
|---|---|
| Name ID | The name identifier is an opaque, immutable value assigned to the user. It cannot be reassigned or reused. |
| Name | The unique name of the user. Common values used for the name claim include user names, such as SAM account names, and email addresses. |
| E-mail Address | The e-mail address of the user. |
| Display Name | The user's preferred display name. |
| Full Name | The user's full name. E.164 is the recommended format. RFC 3966 is recommended for extensions. |
| Phone Number | The user's preferred phone number. |
| Group | User group membership. |
Either the Name ID or Name claim must be supplied. All other claims are optional.
Note
Note that specific authentication providers may support additional claims.