This document provides guidance on deciding when to obtain user attributes from the UW Identity Provider (IdP) or from other institutional data sources.
Applications often need information about the users logging in so that authorization and personalization functions can run. Shibboleth Service Providers (SPs) have the option to obtain user attributes from the UW IdP or from other institutional data sources. Pointers to information about commonly used data sources and considerations for using these and the UW IdP are provided below.
The attributes available from the UW IdP are sourced from the Person Directory Service (PDS), the Groups Web Service (GWS), or are computed by the IdP. See Guide to NameID Formats and Attributes Available from the UW IdP for more information.
The groups directory service provides information on group memberships. Application integration is possible via a web service (preferred) or LDAP client technologies (with limitations).
The Person Directory Service (PDS) provides a variety of person data on faculty, staff, students, and alumni. Application integration is possible via a web service or LDAP client technologies.
If the attributes you need are available from the IdP, it's often easiest to just use those. Once configured, you don't have to do anything special to use attributes from the IdP: they just show up in your application's environment when the user authenticates.
Some situations require you to get user information from other sources. Common reasons are listed below.
Other institutional data sources are generally available only to UW applications for UW users.
uwEWPDept1 from PDS, for example.
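The following added example, which is not UW or Shibboleth project code, reads IdP-released attributes from a WSGI request environment and falls back to a directory lookup for an attribute fetched from PDS, such as `uwEWPDept1`. The variable names `eppn`, `affiliation` and `isMemberOf` (the real names are whatever your SP's attribute map assigns), the sample user and groups, and `sample_directory_lookup` are assumptions.

```python
import re

# Assumed variable names; the real ones are the ids in the SP's attribute map.
IDP_ATTRS = ("eppn", "affiliation", "isMemberOf")

def split_values(raw):
    """Shibboleth joins multiple values with ';' and escapes a literal ';' as '\\;'."""
    return [p.replace("\\;", ";") for p in re.split(r"(?<!\\);", raw) if p]

def user_attributes(environ, needed, directory_lookup=None):
    """Return {name: [values]}: IdP-supplied values first, directory for the rest."""
    user = environ.get("REMOTE_USER")
    if not user:
        raise PermissionError("no authenticated Shibboleth session")
    attrs, missing = {}, []
    for name in needed:
        # Read only server-set keys; HTTP_* keys are client-controlled headers.
        raw = environ.get(name, "") if name in IDP_ATTRS else ""
        if raw:
            attrs[name] = split_values(raw)
        else:
            missing.append(name)
    if missing:
        if directory_lookup is None:
            raise LookupError(f"not released by the IdP: {missing}")
        found = directory_lookup(user, missing)
        for name in missing:
            attrs[name] = list(found.get(name, []))
    return attrs

def is_authorized(attrs, required_group):
    """Fail closed: an absent or empty group attribute means no access."""
    return required_group in attrs.get("isMemberOf", [])

# Constructed sample data (not real users, groups or departments).
SAMPLE_ENVIRON = {
    "REMOTE_USER": "jdoe@example.edu",
    "eppn": "jdoe@example.edu",
    "isMemberOf": "u_example_staff;u_example_a\\;b",
    "HTTP_ISMEMBEROF": "u_example_admins",  # client-sent header, never read
}

def sample_directory_lookup(user, names):
    """Stand-in for a PDS query (web service or LDAP) over constructed data."""
    directory = {"jdoe@example.edu": {"uwEWPDept1": ["Example Department"]}}
    return {n: directory.get(user, {}).get(n, []) for n in names}
```

Authorization decisions should use only the values returned by `user_attributes`, so a group name sent by the client in a request header never reaches `is_authorized`.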