These are the simple steps to join the ACOnet Identity Federation as a member:
- Determine what document needs to be signed in order to become a federation member.
- Submit the completed agreement by (surface-)mail, fax or e-mail to ACOnet.
- Contact the eduID.at operations team, noting the type of service you intend to register and operate with the Federation.
We invite you to also begin technical integration work in parallel with the formal joining process (in order to avoid one delaying the other unduly). To that regard you will want to:
- Load & refresh SAML Metadata for all relevant entities, always verifying its signature with this Metadata Signing Key.
- For Identity Providers: configure attribute release policies
For Service Providers: configure authorization based on attributes sent from the IdP.
ACOnet participants not yet running a SAML Identity Provider can make use of the extensive documentation on installing and configuring one.
Service Providers
For the registration of SAML Service Providers within eduID.at please provide the following information:
- What attributes the service needs in order to function properly and what they are used for. Additional attributes not strictly needed for the service (but which may provide for a better user experience if available) may be listed separately, clearly indicating their optional status. See What attributes are relevant for a Service Provider for guidance.
- A display name and short (1 paragraph max.) description of the service (in English and/or German)
- The display name and email address of the technical contact to be published with the SAML entity description (a role account, not personal names/addresses)
- The URL to the Privacy Policy covering this service. See Privacy policy guidelines for Service Providers for more.
- An HTTPS URL referencing a logo for the service, if available (PNG format preferred), somewhere between 80 and 300 pixels in size (either dimension).
- How you intend to implement IdP Discovery. While you may use the fallback SAML Discovery Service(s) provided by ACOnet it's preferrable to integrate discovery with your service, in order to provide for a more consistent user experience. E.g. Shibboleth EDS or DiscoJuice are popular choices for Free/Libre SAML IdP Discovery Services you can easily integrate with any website.
Overview
Content Tools
Tasks