wiki:ServiceProviderFederation

Version 33 (modified by Dieter Van Uytvanck, 8 years ago) (diff)

some first updates

Table of Contents

  1. CLARIN IdP
  2. Central Discovery Service
  3. Service Provider Federation
    1. Changing the SAML metadata about SPF SPs
    2. How to add SAML metadata about the CLARIN IdP to your SP configuration
    3. Information per Identity Federation
      1. Haka (Finland)
      2. DFN-AAI
        1. attributes
      3. SURFconext
      4. UK federation
    4. Attributes in the SPF
      1. Attribute release
    5. Attributes requested by SPF services
      1. Component Registry?
      2. Virtual Collection Registry?
      3. WebLicht?
      4. TQE (CLARIN-NL, http://hdl.handle.net/1839/00-SERV-0000-0000-0005-6)
      5. Adelheid anntool ((clarin-nl, …

Note: this page is in the process of being updated (Nov 2016)

A good starting point for information about the Service Provider Federation is the public page https://www.clarin.eu/content/service-provider-federation

This wiki page contains the nitty-gritty technical details.

CLARIN IdP

See InfrastructureOverview

Central Discovery Service

See InfrastructureOverview

Service Provider Federation

Feedback on eduGAIN code of conduct: ServiceProviderFederation/EduGain?

Information about including logos in SAML metadata: recommendations and a related standardization discussion

Login testing: Manual testing of logins.

Distribution Matrix: overview of manual SAML metadata updates

Changing the SAML metadata about SPF SPs

How to add SAML metadata about the CLARIN IdP to your SP configuration

Information per Identity Federation

(original source no longer available))

Haka (Finland)

cn, sn, displayName, eduPersonPrincipalName, schacHomeOrganization, schacHomeOrganizationType

The major unique identifier: Currently, ePPN is the predominant unique ID.

The federation operator has published instructions on use of ePTID but hasn't strongly insisted its use.

Adding an SP: Haka?

DFN-AAI

attributes

sn, email, ePPN, ePSA, ePEntitlement, ePTID

What is the predominant unique identifier for end users?

  • eduPersonPrincipalName (ePPN)
  • eduPersonTargetedID(ePTID)/SAML2 PersistentID

Is there a policy for what should be used as the unique ID? No.

SURFconext

Mandatory attributes: No mandatory attributes

The major unique identifier: eduPersonPrincipalName (ePPN) - there is no formal policy for what should be used as the unique ID

UK federation

See section 7 of http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommendations-for-participants.pdf for the recommended attributes in the UK.

Attributes in the SPF

The minimal set of required attributes:

The ideal set of attributes:

Attribute release

Attributes requested by SPF services

These should be listed in the SAML metadata about the SP.

Component Registry?

  • strictly required: ePPN
  • nice to have: displayName, cn (common name)

Virtual Collection Registry?

  • strictly required: eduPersonTargetedID (could also be configured to work with ePPN)
  • nice to have: cn, displayName

WebLicht?

  • strictly required: (no attributes - as not all IdPs? are releasing anything useful)
  • nice to have:

TQE (CLARIN-NL, http://hdl.handle.net/1839/00-SERV-0000-0000-0005-6)

  • strictly required: (no attributes)
  • nice to have: (no attributes)

Adelheid anntool ((clarin-nl, http://hdl.handle.net/1839/00-SERV-0000-0000-0005-6)

  • strictly required:
  • nice to have: