Considerations for SAML Identity Providers for use with services registered with other Identity Federations via Interfederation arrangements (such as eduGAIN).

Metadata

IdPs in eduID.at can always load SAML metadata that also includes entities known via Interfederation agreements, such as eduGAIN:

eduID.at Metadata for Interfederation

https://eduid.at/md/aconet-interfed.xml

 

Make attributes available

Adjust the IdP configuration to look up and/or generate potentially missing attributes. All eduID.at-registered IdPs should be able to produce the following attributes:

  • Name attributes
    • displayName
    • givenName
    • sn
  • Identifiers
    • eduPersonTargetedID (a.k.a. SAML2 persistent NameID)
    • eduPersonPrincipalName
    • mail
  • Authorization
    • eduPersonScopedAffiliation
    • eduPersonEntitlement
  • Organizational data
    • schacHomeOrganization
    • schacHomeOrganizationType
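
One way to verify that an IdP actually produces the attributes listed above is to inspect a test assertion. The following is an added example, not part of the eduID.at documentation: the function name missing_attributes and the sample assertion are constructed for illustration, and it assumes attributes are named by their urn:oid identifiers. It treats a persistent NameID in the Subject as satisfying eduPersonTargetedID and counts attributes with empty values as missing.

```python
import xml.etree.ElementTree as ET  # sample is constructed; use defusedxml for untrusted XML

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TARGETED_ID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
# Assumption: attributes are named by urn:oid, as is usual for SAML2 in eduGAIN.
REQUIRED = {
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
    TARGETED_ID: "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": "eduPersonEntitlement",
    "urn:oid:1.3.6.1.4.1.25178.1.2.9": "schacHomeOrganization",
    "urn:oid:1.3.6.1.4.1.25178.1.2.10": "schacHomeOrganizationType",
}

def missing_attributes(assertion_xml):
    """Return the sorted names of listed attributes that are absent or empty."""
    root = ET.fromstring(assertion_xml)
    present = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        # itertext() also covers eduPersonTargetedID, whose value is a nested NameID.
        values = ["".join(v.itertext()).strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        if any(values):
            present.add(attr.get("Name"))
    # The same identifier may be sent as a persistent NameID instead of an attribute.
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    if nameid is not None and nameid.get("Format") == PERSISTENT and (nameid.text or "").strip():
        present.add(TARGETED_ID)
    return sorted(name for oid, name in REQUIRED.items() if oid not in present)

def _attr(oid, value):
    return f'<saml:Attribute Name="{oid}"><saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'

# Constructed, trimmed assertion: persistent NameID, three populated attributes, empty sn.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    f'<saml:Subject><saml:NameID Format="{PERSISTENT}">x7Tq</saml:NameID></saml:Subject>'
    "<saml:AttributeStatement>"
    + _attr("urn:oid:2.16.840.1.113730.3.1.241", "Ada Example")
    + _attr("urn:oid:0.9.2342.19200300.100.1.3", "ada@example.org")
    + _attr("urn:oid:1.3.6.1.4.1.5923.1.1.1.9", "member@example.org")
    + _attr("urn:oid:2.5.4.4", "")
    + "</saml:AttributeStatement></saml:Assertion>"
)
if __name__ == "__main__":
    print(missing_attributes(SAMPLE))
```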

 

Attribute release

Adjust IdP configuration to scalably release selected attributes to appropriate SPs.

TODO
