User ID (also referred to as username) | An identifier used by the target application to uniquely identify the authenticated user. The user ID does not necessarily have to be the same for all target applications. The user ID does not necessarily have to be equal to what the user entered in the login form. |
| The string the end-user entered in the login form (e.g. username, contract number, email address). |
| In case the authenticated user is being represented by a representer, this attribute specifies who is representing the user. |
| Roles granted to the user during authentication. |
| Context data attributes of the user (e.g. postal address or email address). The attributes may be from the user database, another identity provider (OAuth, OIDC), or extracted from an SSO ticket. Propagating context data may be an alternative to synchronizing user data repositories in some scenarios. |
| Access and ID tokens from OAuth/OIDC flows. |
| Login-related statistical information such as latest login dates, number of failed logins, etc. |
| In some special cases (e.g. HTTP Basic Authorization), the user's password is required for identity propagation. It is only available if explicitly configured to be available. |