The session data structure also contains an extensible set of protected (or core) properties. The following protected properties are set by OpenSSO Enterprise and can only be modified by OpenSSO Enterprise (primarily the Authentication Service).
This is the DN of the organization to which the user belongs.
This is the DN of the user.
This is a list of names to which the user has authenticated. (This property may have more then one value defined as a pipe separated list.)
This is the user's DN as returned by the module, or in the case of modules other than LDAP or Membership, the user name. (All Principals must map to the same user. The UserId is the user DN to which they map.)
This is a user name. (All Principals must map to the same user. The UserToken is the user name to which they map.)
This is the host name or IP address for the client.
This is the highest level to which the user has authenticated.
This is a pipe separated list of authentication modules to which the user has authenticated (for example, module1|module2|module3).
Applicable for service-based authentication only, this is the service to which the user belongs.
This is the client's login URL.
This is the host name of the client.
This attribute contains a value of true if the client browser supports cookies.
This is a string that specifies the time at which the authentication took place.
This attribute contains a value of true if the session has timed out.