Considerations for SAML Identity Providers for use with services registered with other Identity Federations via Interfederation arrangements (such as eduGAIN).

Metadata

IDPs in eduID.at can always load SAML Metadata that also includes entities known via Interfederation agreements, such as eduGAIN:

eduID.at Metadata for Interfederation:

http://eduid.at/md/aconet-interfed.xml

As always, use the provided Metadata Verification Key to make sure the metadata is authentic and hasn't been tampered with.
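One way to enforce that check on every refresh, shown as an added example that is not part of the original page: it assumes a Shibboleth IdP (which this page does not name) and its `conf/metadata-providers.xml`. The provider `id`, the certificate file name and the `P14D` interval are placeholders chosen for illustration.

```xml
<!-- Added example; assumes a Shibboleth IdP. Paths, id and interval are placeholders. -->
<MetadataProvider id="eduIDatInterfed"
    xsi:type="FileBackedHTTPMetadataProvider"
    backingFile="%{idp.home}/metadata/aconet-interfed.xml"
    metadataURL="http://eduid.at/md/aconet-interfed.xml">

    <!-- Reject the whole document unless the signature on its root element
         validates against the locally stored Metadata Verification Key.
         Without this filter the IDP trusts whatever the URL returns. -->
    <MetadataFilter xsi:type="SignatureValidation"
        requireSignedRoot="true"
        certificateFile="%{idp.home}/credentials/PLACEHOLDER-metadata-verification.crt"/>

    <!-- Reject metadata that carries no validUntil, or one too far in the
         future, so an old but correctly signed copy cannot be replayed. -->
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/>
</MetadataProvider>
```

Obtain the verification certificate out of band and compare its fingerprint with the one the federation publishes before placing it in the credentials directory.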

Make attributes available

Adjust the IDP configuration to look up and/or generate potentially missing attributes. All eduID.at-registered IDPs should be able to produce the following attributes:

  • Name attributes
    • displayName
    • givenName
    • sn
  • Identifiers
    • eduPersonTargetedId (a.k.a. SAML2 persistent NameID)
    • eduPersonPrincipalName
    • mail
  • Authorization
    • eduPersonScopedAffiliation
    • eduPersonEntitlement
  • Organizational data
    • schacHomeOrganization
    • schacHomeOrganizationType

...

Attribute release

Adjust the IDP configuration to scalably release selected attributes to appropriate SPs.

...