Considerations for SAML Identity Providers for use with services registered with other Identity Federations via Interfederation arrangements (such as eduGAIN).
Metadata
IDPs in eduID.at can always load SAML Metadata that also includes entities known via Interfederation agreements, such as eduGAIN. This alone is sufficient for all eduID.at Federation and Interfederation purposes:
As always, use the provided Metadata Verification Key to make sure the metadata is authentic and hasn't been tampered with.
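Signature verification with the Metadata Verification Key is done by the IdP software (or by xmlsec tooling) and is not repeated here. What a valid signature alone does not tell you is whether the copy you loaded is still current: an old, correctly signed aggregate can be replayed. The following is an added example, not eduID.at's or ACOnet's code, that enforces the validity window on a metadata aggregate; the sample document, its entityIDs and the 14-day maximum validity policy are constructed for this example and are not federation policy.

```python
"""Freshness checks for a signed SAML metadata aggregate (added example).

XML signature verification itself is left to xmlsec-capable tooling; this
only enforces the lifetime rules that a signature check does not cover.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a signed aggregate whose validUntil is 2024-01-10.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Name="https://example.org/constructed-aggregate"
    validUntil="2024-01-10T00:00:00Z">
  <ds:Signature><ds:SignedInfo/>
    <ds:SignatureValue>constructed-placeholder</ds:SignatureValue></ds:Signature>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth"/>
</md:EntitiesDescriptor>
"""


def parse_xml_datetime(value):
    """SAML dateTime values are UTC with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_metadata_freshness(xml_bytes, now=None, max_validity=timedelta(days=14)):
    """Return (ok, reason).

    Policy (an assumption of this example, not the federation's):
    - the aggregate must be an EntitiesDescriptor with an enveloped signature,
    - it must carry a validUntil, so a loaded copy cannot live forever,
    - validUntil must not be in the past (stale, replayable copy),
    - validUntil must not lie further ahead than max_validity.
    `now` may be a datetime or an XML dateTime string (for testing).
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_xml_datetime(now)
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntitiesDescriptor" % NS["md"]:
        return False, "root element is not an EntitiesDescriptor"
    # The signature must be a direct child of the root, covering the whole aggregate.
    if root.find("ds:Signature", NS) is None:
        return False, "aggregate carries no signature"
    valid_until = root.get("validUntil")
    if valid_until is None:
        return False, "no validUntil; cannot bound the lifetime of this copy"
    expires = parse_xml_datetime(valid_until)
    if expires <= now:
        return False, "metadata expired at " + valid_until
    if expires - now > max_validity:
        return False, "validUntil " + valid_until + " exceeds the maximum validity window"
    return True, "fresh"


if __name__ == "__main__":
    print(check_metadata_freshness(SAMPLE_METADATA))
```

Run this against the aggregate your IdP is about to load (after the signature has been verified) and refuse the file on any `False` result; the upper bound on `validUntil` catches a signer that, by mistake, publishes near-permanent metadata.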
Make attributes available
Adjust the IDP configuration to look up and/or generate any missing attributes.
- Name attributes
  - displayName (urn:oid:2.16.840.1.113730.3.1.241)
  - givenName (urn:oid:2.5.4.42)
  - sn/surname (urn:oid:2.5.4.4)
- Identifiers
  - eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10)
  - eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)
  - mail (urn:oid:0.9.2342.19200300.100.1.3)
- Authorization
  - eduPersonScopedAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.9)
  - eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7)
- Organizational data
  - schacHomeOrganization (urn:oid:1.3.6.1.4.1.25178.1.2.9)
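Most of the attributes above do not exist as such in a typical directory and have to be derived: the scoped values from the IdP's own scope, schacHomeOrganization from that same scope, and eduPersonTargetedID as a pairwise, opaque identifier that differs per Service Provider. The following added example (not eduID.at's or ACOnet's code, and not any IdP product's attribute-resolver configuration) shows these derivations in plain Python. The directory record, the scope `example-university.example`, the secret and the entitlement value are constructed.

```python
"""Deriving the interfederation attributes an IdP may be missing (added example)."""
import base64
import hashlib
import hmac

# Constructed: the IdP's own scope, also used as schacHomeOrganization.
HOME_SCOPE = "example-university.example"

# Constructed secret. A real deployment keeps it out of the code and treats it
# as long-lived: changing it changes every user's targeted ID at every SP.
TARGETED_ID_SECRET = b"constructed-example-secret"

# eduPerson controlled vocabulary for eduPersonAffiliation; other values are
# not meaningful to interfederation SPs and are dropped when scoping.
AFFILIATION_VOCABULARY = {
    "faculty", "student", "staff", "employee",
    "member", "affiliate", "alum", "library-walk-in",
}

OID = {
    "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
    "givenName": "urn:oid:2.5.4.42",
    "sn": "urn:oid:2.5.4.4",
    "eduPersonTargetedID": "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
    "eduPersonPrincipalName": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
    "mail": "urn:oid:0.9.2342.19200300.100.1.3",
    "eduPersonScopedAffiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
    "eduPersonEntitlement": "urn:oid:1.3.6.1.4.1.5923.1.1.1.7",
    "schacHomeOrganization": "urn:oid:1.3.6.1.4.1.25178.1.2.9",
}

# Constructed directory record; note the non-vocabulary affiliation.
USER_RECORD = {
    "uid": "jdoe",
    "givenName": "Jane",
    "sn": "Doe",
    "mail": "jane.doe@example-university.example",
    "eduPersonAffiliation": ["member", "staff", "guest-lecturer"],
    "eduPersonEntitlement": ["urn:example:entitlement:constructed"],
}


def derive_targeted_id(uid, sp_entity_id, secret=TARGETED_ID_SECRET):
    """Pairwise identifier: stable per (user, SP), different across SPs, and
    not invertible to the internal uid without the secret."""
    msg = uid.encode() + b"\x00" + sp_entity_id.encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def derive_attributes(record, sp_entity_id, scope=HOME_SCOPE):
    """Return {attribute OID: [values]} for release to the given SP."""
    if "uid" not in record:
        raise ValueError("record has no uid; cannot build identifiers")
    uid = record["uid"]
    given, sn = record.get("givenName", ""), record.get("sn", "")
    display = record.get("displayName") or " ".join(p for p in (given, sn) if p)
    scoped = [
        "%s@%s" % (aff, scope)
        for aff in record.get("eduPersonAffiliation", [])
        if aff in AFFILIATION_VOCABULARY
    ]
    attrs = {
        OID["displayName"]: [display],
        OID["givenName"]: [given],
        OID["sn"]: [sn],
        OID["eduPersonPrincipalName"]: ["%s@%s" % (uid, scope)],
        OID["mail"]: [record["mail"]] if record.get("mail") else [],
        OID["eduPersonScopedAffiliation"]: scoped,
        OID["eduPersonEntitlement"]: list(record.get("eduPersonEntitlement", [])),
        OID["schacHomeOrganization"]: [scope],
        OID["eduPersonTargetedID"]: [derive_targeted_id(uid, sp_entity_id)],
    }
    # Never emit empty attributes; SPs treat presence as meaningful.
    return {k: v for k, v in attrs.items() if v and v != [""]}


if __name__ == "__main__":
    for oid, values in derive_attributes(USER_RECORD, "https://sp1.example.org/shibboleth").items():
        print(oid, values)
```

The pairwise HMAC construction is what makes eduPersonTargetedID usable as a persistent NameID: two SPs cannot correlate the same user by comparing the value, while each SP sees the same value on every login.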
Attribute release
Extend your existing IDP configuration to scalably release needed attributes to appropriate Service Providers.
The use of the provided Service Categories to automate attribute release as much as possible is strongly recommended for all IDPs participating in Interfederation.
Notify ACOnet
To make your Identity Provider usable with services registered in other federations, contact ACOnet so that your entity becomes visible to those interfederation services.
If you added support for Service Categories-based attribute release (which is strongly recommended!), please also notify ACOnet about which ones you support, so this can be documented in your Identity Provider's SAML Metadata. Signalling the support for a given Service Category allows services relying on attributes defined in such Service Categories to automatically filter which IDPs they make available for login. By only listing IDPs who claim to support a given Service Category, chances of successful logins (and hence of a proper user experience) for subjects coming from those Identity Providers are greatly enhanced!
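Both halves of this mechanism, the IdP releasing attributes because an SP is tagged with a Service Category, and a service listing only the IdPs whose metadata claims support for that category, can be read straight out of the SAML metadata. The following is an added example, not eduID.at's, ACOnet's or any IdP product's code. It assumes the common metadata representation of such categories: an `mdattr:EntityAttributes` extension carrying a `saml:Attribute` named `http://macedir.org/entity-category` on SPs and `http://macedir.org/entity-category-support` on IdPs. The category URI, the entityIDs and the category-to-attribute mapping are constructed placeholders, not the federation's actual Service Categories.

```python
"""Service-category driven attribute release and IdP filtering (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
ENTITY_CATEGORY_SUPPORT = "http://macedir.org/entity-category-support"

# Constructed placeholder category URI; a federation publishes its own.
EXAMPLE_CATEGORY = "https://example.org/category/placeholder-category"

# Constructed release policy: attributes (by OID) that a category unlocks.
CATEGORY_ATTRIBUTES = {
    EXAMPLE_CATEGORY: {
        "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",   # eduPersonPrincipalName
        "urn:oid:0.9.2342.19200300.100.1.3",  # mail
        "urn:oid:2.16.840.1.113730.3.1.241",  # displayName
    },
}

# Constructed aggregate: sp1 is tagged, sp2 is not; idp1 claims support, idp2 does not.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category">
        <saml:AttributeValue>https://example.org/category/placeholder-category</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp1.example.org/idp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category-support">
        <saml:AttributeValue>https://example.org/category/placeholder-category</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp2.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def load_entities(xml_text):
    """Map entityID -> EntityDescriptor element."""
    root = ET.fromstring(xml_text)
    return {e.get("entityID"): e for e in root.findall("md:EntityDescriptor", NS)}


def entity_attribute_values(entity, attribute_name):
    """Values of one saml:Attribute inside the entity's EntityAttributes extension."""
    values = set()
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            values.update((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))
    return values


def attributes_to_release(xml_text, sp_entity_id, policy=CATEGORY_ATTRIBUTES):
    """Union of the attributes unlocked by the categories the SP is tagged with.
    Unknown entities, non-SP entities and untagged SPs get nothing; a
    'support' tag on an IdP is a claim, not a release trigger."""
    entity = load_entities(xml_text).get(sp_entity_id)
    if entity is None or entity.find("md:SPSSODescriptor", NS) is None:
        return set()
    released = set()
    for category in entity_attribute_values(entity, ENTITY_CATEGORY):
        released |= policy.get(category, set())
    return released


def idps_supporting(xml_text, category):
    """entityIDs of IdPs whose metadata claims support for the category,
    i.e. the list a category-aware service would offer for login."""
    return sorted(
        eid for eid, e in load_entities(xml_text).items()
        if e.find("md:IDPSSODescriptor", NS) is not None
        and category in entity_attribute_values(e, ENTITY_CATEGORY_SUPPORT)
    )


if __name__ == "__main__":
    print(attributes_to_release(SAMPLE_METADATA, "https://sp1.example.org/shibboleth"))
    print(idps_supporting(SAMPLE_METADATA, EXAMPLE_CATEGORY))
```

Two points the code makes explicit: the release decision keys on the SP's own tag in signed metadata rather than on anything the SP asserts at request time, and an IdP that does not signal support simply drops out of the category-aware service's IdP list, which is why telling ACOnet which categories you support matters.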