Considerations for SAML Identity Providers for use with services registered with other Identity Federations via Interfederation arrangements (such as eduGAIN).

Metadata

All IDPs in eduID.at should always load SAML Metadata that also includes entities known via Interfederation agreements, such as eduGAIN. This metadata set alone is sufficient for all eduID.at Federation and Interfederation purposes, so it can replace any previously used one:

...

Attribute release

Extend your existing IDP attribute release configuration to make use of Service Categories, to enable automated, scalable and controlled attribute release.
The use of the provided Service Categories to automate attribute release as much as possible is recommended for all eduID.at IDPs, especially those also participating in Interfederation.

...

If you added support for Service Categories-based attribute release (which is recommended), please also notify ACOnet about which ones you support, so this can be documented in your Identity Provider's SAML Metadata. Signalling support for a given Service Category allows services relying on attributes defined in such Service Categories to automatically filter which IDPs they make available for login. By only listing IDPs that claim to support a given Service Category, chances of successful logins (and hence of a proper user experience) for subjects coming from those Identity Providers are greatly enhanced!
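
The filtering a service can do on that signal, as an added example (not part of the original page or of eduID.at's tooling). It assumes support is published with the standard `http://macedir.org/entity-category-support` entity attribute and uses REFEDS Research and Scholarship as the sample category; the metadata and entityIDs are constructed, and the aggregate is assumed to be signature-verified before it is parsed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Entity attribute an IdP carries to signal category support (not named on the page).
SUPPORT_ATTR = "http://macedir.org/entity-category-support"
# REFEDS Research and Scholarship, picked as the sample category (assumption).
R_AND_S = "http://refeds.org/category/research-and-scholarship"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample aggregate; all entityIDs are placeholders.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}"
    xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="{SUPPORT_ATTR}">
        <saml:AttributeValue>{R_AND_S}</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-c.example.org/sp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category">
        <saml:AttributeValue>{R_AND_S}</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def idps_supporting(metadata_xml, category):
    """Return entityIDs of IdPs whose metadata signals support for `category`.
    Assumes the aggregate's signature was already verified."""
    supported = []
    for entity in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}EntityDescriptor"):
        if entity.find("md:IDPSSODescriptor", NS) is None:
            continue  # skip non-IdP entities such as sp-c in the sample
        attrs = entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
        values = {(v.text or "").strip() for a in attrs if a.get("Name") == SUPPORT_ATTR
                  for v in a.findall("saml:AttributeValue", NS)}
        if category in values:
            supported.append(entity.get("entityID"))
    return supported

print(idps_supporting(SAMPLE_METADATA, R_AND_S))
```

Only `idp-a` is listed: `idp-b` signals nothing, and `sp-c` is a member of the category rather than an IdP declaring support for it.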