Versions Compared

Comment: archive link for REFEDS disco guide

These are the simple steps to join the ACOnet Identity Federation as a member:

  1. Determine what document needs to be signed in order to become a federation member.
  2. Submit the completed agreement by (surface-)mail, fax or e-mail to ACOnet.
  3. Contact the eduID.at operations team, noting the type of service you intend to register and operate with the Federation.

We invite you to also begin technical integration work in parallel with the formal joining process, so that neither unduly delays the other. To that end you will want to:

...

.

...

ACOnet participants not yet running a SAML Identity Provider can make use of the extensive documentation on installing and configuring one.

Service Providers

For the registration of SAML Service Providers within eduID.at please provide the following information:


Providers who are already offering their services within other academic Identity Federations, please indicate the name of at least one of those federations. Unless the SAML metadata registered there already contains all the information below, please also indicate the following in your request to the eduID.at operations team.

Providers who are already offering their services within another Identity Federation that's participating in eduGAIN do not join the ACOnet Identity Federation at all. Instead the SAML Metadata registered with and published by that other federation suffices to also reach most eduID.at member institutions.

For the registration of a SAML Service Provider (SP) within eduID.at please provide the following information, in addition to a copy of the SAML 2.0 Metadata describing your Service Provider (or the URL to such metadata).

  1. What attributes the service needs in order to function properly and what they are used for. Additional attributes not strictly needed for the service (but which may provide for a better user experience if available) may be listed separately, clearly indicating their optional status. See What attributes are relevant for a Service Provider for guidance.
  2. Which of the common Service Categories (REFEDS R&S, GÉANT CoCo v1, REFEDS CoCo v2, etc.) your SP claims to support.
    N.B.: SPs without support for any of the (community-)standard Service Categories will experience failed log-in attempts due to IDPs not releasing attributes – unless the SP has leverage to convince IDPs otherwise, e.g. by managing "trust" via contracts anyway or by having special political power or legal standing.
  3. A display name and short (1 paragraph max.) description of the service (in English and/or German)
  4. A functional/role email address (and optional display name) – not a personal one – for the technical contact to be published with the SAML entity description.
  5. The URL to the Privacy Policy covering this service. See Privacy policy guidelines Notice template document for Service Providers for more.
  6. An HTTPS URL referencing a logo for the service, if available (PNG format preferred), somewhere between 80 and 250 pixels in size (either dimension).
  7. How you intend to implement IdP Discovery. While you may use the fallback SAML Discovery Service(s) provided by ACOnet, it's preferable to integrate discovery with your service, in order to provide for a more consistent user experience. E.g. Shibboleth EDS or DiscoJuice are popular choices for Free/Libre SAML IdP Discovery Services you can easily integrate with any website, cf. the REFEDS Discovery Guide.
  8. Whether you intend to also participate in Interfederation/eduGAIN (only makes sense if the target audience of the service also includes members of academic institutions outside Austria.)

Identity Providers

For the registration of a SAML Identity Provider (IDP) within eduID.at please provide the following information, in addition to a copy of the SAML 2.0 Metadata describing your Identity Provider (or the URL to such metadata).

  1. Whether the IDP supports access to services via Service Categories (both REFEDS R&S and GÉANT CoCo strongly recommended)
  2. The preferred display name for the organisation in German and English language (if differing from what the organisation's web site shows)
  3. Functional/role email address(es), not personal one(s) – possibly re-using the same address for all roles – and display names for:
    • the IDP's technical contact
    • the support contact (optional)
    • the security contact (if not supplied the technical contact will be re-used)
  4. HTTPS URLs referencing:
    • A logo for the organisation (PNG format), between 80 and 250 pixels in size (either dimension)
    • A "favicon"-style icon (16×16 pixel)
  5. Whether you intend to also participate in Interfederation/eduGAIN (strongly recommended)