Versions Compared

Old Version 22

changes.mady.by.user Davide Vaghetti

Saved on

compared with

New Version 23

changes.mady.by.user Davide Vaghetti

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Once you have read this page and followed the instructions, you will have deployed a SAML2.0 compliant Service Provider and published it in eduGAIN. This means that a few million higher education users (students, university staff and faculty, researchers) will be able to  able to access to your services using their home institutions account, depending on the access control rules you have defined.

Prerequisites

Before attempting to follow the steps below, which explain how to deploy and register a SAML Service Provider with eduGAIN from scratch, it is recommended to first get familiar with some key concepts of federated identity management, the basis of eduGAIN and all SAML identity federations. A comprehensive overview of material that you might want to have a look at is available at the AARC Federations 101 page.

...

If you want to see and try federated login in action, have a look at SWITCH’s AAI Demo.

Before you Begin

General eduGAIN information

...

  • Enables trustworthy exchange of identity information between federations without many bilateral agreements
  • Reduces the costs of developing and operating services
  • Improves the security and end-user experience of services
  • Enables service providers to greatly expand their user base
  • Enables identity providers to increase the number of services available to their users

Joining eduGAIN

The publication in eduGAINan eduGAIN member federation, for a Service Provider, allows reaching a large audience of higher education users ( students, researchers , and staff of worldwide higher education institutions) without institutions without the technical and administrative difficulties inconveniences of maintaining and protecting repositories of user credentials. This is because authentication is always handled directly at and by the user’s home Identity Provider, while the Service Provider only has to deal with user Authorization. In Identity and Access Management, authentication is the process of confirming a user’s identity, usually by verifying the knowledge of a set of credentials (username, password). Authorization is the process of determining the access rights an authenticated user is eligible for. In eduGAIN terms, this would mean that a user accesses the Service Provider with an assertion of his identity and the Service Provider trusts that assertion because it comes from a trusted relying party, but it is always the Service Provider that decides to which parts of the service this authenticated user should have access.

Enabling a service for eduGAIN login is accomplished by joining an existing eduGAIN member federation and registering a Service Provider with this federation. The member federation then, following its own procedures, exposes the Service Provider to the rest of the eduGAIN federations and their entities.

Which (eduGAIN) federation to join

Joining eduGAIN means joining an eduGAIN member federation. But which one to join? There is no strict rule which federation to join. But one reasonable option should be to contact the national federation of the country where the Service Provider’s organisation is located or where the service is geographically operated (i.e. where its operators are located). This offers multiple benefits, such as ease of collaboration and access to documentation because of common shared native language, shared groups of interested prospective users, etc.

...

In both cases, metadata only contains technical information. You should enrich metadata with the non-technical information (e.g. technical contact, name, description) following this example.

Post Joining

Find below a few useful links for successfully operating and using a Service Provider.

Operation best practices

This section consists of a list of guides compiled by federations participating in eduGAIN that would prove useful in operating your Service Provider.

Maintenance

This section consists of a list of guides compiled by federations participating in eduGAIN that would assist with the maintenance of your Service Provider after it is put in production.

...