'''Note''': this page needs to be updated (2014-08-13)

As much information as possible should be kept at http://www.clarin.eu/spf. However, there might be some details to store here.

* Requirements for a "home for the homeless" IdP: [[ServiceProviderFederation/Homeless]]
* Towards an easy-to-use central Discovery Service: [[ServiceProviderFederation/Discovery]]
* High availability setup of CLARIN IdP and disco service: [[./AnyCast]]
* Feedback on [https://www.terena.org/events/details.php?event_id=2211 eduGAIN code of conduct]: [[ServiceProviderFederation/EduGain]]
* Information about including logos for the IdPs: [https://refeds.terena.org/index.php/MDUI_-_Software_recommendations recommendations] and a related [http://access.jiscinvolve.org/wp/can-we-standardise-on-mdui/ standardization discussion]

== SP technical contacts ==
See http://infra.clarin.eu/aai/md_about_spf_sps.xml

== Changing the SAML metadata about SPF SPs ==
* Commit the changes to source:aai/clarin-sp-metadata.xml in the CLARIN SVN repository
* Make sure to check the '''XSD validity''' of the file! Be prepared to put 5 EUR in the CLARIN developers tipping box if you commit a non-valid file.
* Every hour a cron job automatically checks out the latest version at http://infra.clarin.eu/aai/clarin-sp-metadata.xml

== How to add SAML metadata about the CLARIN IdP to your SP configuration ==
* [[SP configuration guide]]

== Information per Identity Federation ==
(source: https://refeds.terena.org/index.php/Federations)

=== Haka (Finland) ===
cn, sn, displayName, eduPersonPrincipalName, schacHomeOrganization, schacHomeOrganizationType

The major unique identifier: Currently, ePPN is the predominant unique ID. The federation operator has published instructions on the use of ePTID but hasn't strongly insisted on its use.

Adding an SP: [[ServiceProviderFederation/Haka]]

=== DFN-AAI ===
==== attributes ====
sn, email, ePPN, ePSA, ePEntitlement, ePTID

What is the predominant unique identifier for end users?
* eduPersonPrincipalName (ePPN)
* eduPersonTargetedID (ePTID)/SAML2 PersistentID

Is there a policy for what should be used as the unique ID? No.

==== Software at the IdPs ====
{{{
But I think most of the IdPs in the DFN-AAI have been updated since the security advisory of July 25th, 2011.
So, hopefully, most of the 95 IdPs in the DFN-AAI production federation(s) should be 2.3.2 or higher.
There are 6 Shibboleth 1.3 / SAML 1.1 IdPs and AFAIK(!) only one case of SimpleSAMLphp IdP (but some more in the test federation).
}}}

=== SURFconext ===
Mandatory attributes: No mandatory attributes

The major unique identifier: The predominant unique identifier for end users is eduPersonPrincipalName (ePPN)

There is no formal policy for what should be used as the unique ID

=== UK federation ===
See section 7 of http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommendations-for-participants.pdf for the recommended attributes in the UK.

== Attributes ==
The '''minimal''' set of required attributes:
* [http://middleware.internet2.edu/eduperson/docs/internet2-mace-dir-eduperson-200806.html#eduPersonPrincipalName eduPersonPrincipalName] ''or'' [http://middleware.internet2.edu/eduperson/docs/internet2-mace-dir-eduperson-200806.html#eduPersonTargetedID eduPersonTargetedID]

The '''ideal''' set of attributes:
* [http://middleware.internet2.edu/eduperson/docs/internet2-mace-dir-eduperson-200806.html#eduPersonPrincipalName eduPersonPrincipalName] ''or'' [http://middleware.internet2.edu/eduperson/docs/internet2-mace-dir-eduperson-200806.html#eduPersonTargetedID eduPersonTargetedID]
* [https://rnd.feide.no/attribute/cn/ cn] (common name)
* [https://rnd.feide.no/attribute/mail/ mail]
* [https://rnd.feide.no/attribute/o/ o] (organizationName) ''or'' [http://wiki.rediris.es/gtschema/Iriseduperson#schacHomeOrganization schacHomeOrganization]

== CLARIN SP requirements ==
=== [[Component Registry]] ===
* strictly required: ePPN
* nice to have: displayName, cn (common name)

=== [[Virtual Collection Registry]] ===
* strictly required: eduPersonTargetedID (could also be configured to work with ePPN)
* nice to have: cn, displayName

=== WebLicht ===
* strictly required: (no attributes - as not all IdPs are releasing anything useful)
* nice to have:

=== TQE (CLARIN-NL, http://hdl.handle.net/1839/00-SERV-0000-0000-0005-6) ===
* strictly required: (no attributes)
* nice to have: (no attributes)

=== Adelheid anntool (clarin-nl, http://hdl.handle.net/1839/00-SERV-0000-0000-0005-6) ===
* strictly required:
* nice to have:
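
A pre-commit lint for the "check the XSD validity" step under "Changing the SAML metadata about SPF SPs", as an added example (not CLARIN's own tooling). It checks a few elements and attributes the SAML 2.0 metadata schema requires and does not replace validation against the XSD. The function name, the sample SP and the duplicate-entityID and https checks are assumptions of this example.

```python
import xml.etree.ElementTree as ET
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def lint_sp_metadata(xml_text):
    """Return a list of problems found; an empty list means every check passed."""
    if "<!DOCTYPE" in xml_text:
        # SAML metadata needs no DTD; refusing one avoids entity-expansion input.
        return ["DOCTYPE declaration not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    if root.tag not in (MD + "EntitiesDescriptor", MD + "EntityDescriptor"):
        return [f"unexpected root element {root.tag}"]
    problems, seen = [], set()
    for entity in root.iter(MD + "EntityDescriptor"):
        eid = entity.get("entityID")  # required by the schema
        if not eid:
            problems.append("EntityDescriptor without entityID")
            continue
        if eid in seen:  # assumed sanity check, not an XSD rule
            problems.append(f"{eid}: duplicate entityID")
        seen.add(eid)
        for sp in entity.findall(MD + "SPSSODescriptor"):
            if not sp.get("protocolSupportEnumeration"):
                problems.append(f"{eid}: protocolSupportEnumeration missing")
            endpoints = sp.findall(MD + "AssertionConsumerService")
            if not endpoints:  # the schema requires at least one
                problems.append(f"{eid}: no AssertionConsumerService")
            for ep in endpoints:
                missing = [a for a in ("Binding", "Location", "index") if ep.get(a) is None]
                if missing:
                    problems.append(f"{eid}: ACS missing {', '.join(missing)}")
                elif not ep.get("Location").startswith("https://"):  # assumed policy
                    problems.append(f"{eid}: ACS Location is not https")
    return problems

# Constructed sample entry (hypothetical SP), used to exercise the checks.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="1"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    print(lint_sp_metadata(SAMPLE), lint_sp_metadata(SAMPLE.replace(' index="1"', "")))
```

Run it on the working copy of the metadata file before committing; any non-empty result means the file should not be committed yet.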