Comment: Removed some outdated SPs, replaced SWITCH interfederation check with EARC

...

A useful service that lets you quickly test this for your Identity Provider is the eduGAIN Attribute Release Check, which replaces the "Interfederation Attribute Test" provided by SWITCH.

The Interfederation Attribute Test requires the following attributes:

  • email
  • eduPersonAffiliation
  • eduPersonPrincipalName
  • eduPersonTargetedID
  • eduPersonScopedAffiliation
  • displayName
  • commonName
  • schacHomeOrganization
  • schacHomeOrganizationType

If your Identity Provider doesn't release all recommended attributes, the Interfederation Attribute Test will show you the following message with the names of the missing recommended attributes:

[Image removed]

The eduGAIN Attribute Release Check consists of several Service Providers with different attribute settings and entity categories. When starting the check, a user will log in on these services, which then check which attributes were released by the Identity Provider. At the end, a test verdict will be shown.

If the Identity Provider failed the test, its users may not have access to other eduGAIN services because the services MAY require some of the recommended attributes. "May not" is emphasized because it is important to understand that an Identity Provider does not have to release the recommended attributes to all eduGAIN services every time. The eduGAIN Release Check (replacing the Interfederation Attribute Test) only checks if an Identity Provider is able to release this set, and therefore the test is only an indication of which attributes (or a subset thereof) may be requested by the eduGAIN services.
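The check a test Service Provider performs can be sketched as follows. This is an added example, not code from the original page or from the SWITCH or eduGAIN tools: it parses a constructed SAML AttributeStatement from a hypothetical IdP (example.org) and reports which of the recommended attributes listed above are missing. The urn:oid names are the standard SAML names for these attributes; the function names are illustrative.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Recommended attributes listed above, keyed by their standard urn:oid SAML names.
RECOMMENDED = {
    "urn:oid:0.9.2342.19200300.100.1.3": "email",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.3": "commonName",
    "urn:oid:1.3.6.1.4.1.25178.1.2.9": "schacHomeOrganization",
    "urn:oid:1.3.6.1.4.1.25178.1.2.10": "schacHomeOrganizationType",
}

# Constructed sample: AttributeStatement from a hypothetical IdP (example.org).
# A real SP reads attributes only after its SAML library has validated the signature.
SAMPLE = f"""<s:AttributeStatement xmlns:s="{ASSERTION_NS}">
 <s:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
  <s:AttributeValue>alice@example.org</s:AttributeValue></s:Attribute>
 <s:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
  <s:AttributeValue>alice@example.org</s:AttributeValue></s:Attribute>
 <s:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
  <s:AttributeValue>member@example.org</s:AttributeValue></s:Attribute>
 <s:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10">
  <s:AttributeValue><s:NameID>opaque-id-1</s:NameID></s:AttributeValue></s:Attribute>
 <s:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241">
  <s:AttributeValue></s:AttributeValue></s:Attribute>
</s:AttributeStatement>"""


def released_attributes(statement_xml):
    """Map attribute Name -> non-empty values; empty values do not count as released."""
    released = {}
    for attr in ET.fromstring(statement_xml).iter(f"{{{ASSERTION_NS}}}Attribute"):
        values = ["".join(v.itertext()).strip()
                  for v in attr.findall(f"{{{ASSERTION_NS}}}AttributeValue")]
        values = [v for v in values if v]
        if values:
            released[attr.get("Name")] = values
    return released


def missing_recommended(statement_xml):
    """Friendly names of recommended attributes the IdP did not release."""
    released = released_attributes(statement_xml)
    return sorted(name for oid, name in RECOMMENDED.items() if oid not in released)


if __name__ == "__main__":
    print("missing:", missing_recommended(SAMPLE))
```

The sample includes two cases that are easy to get wrong: eduPersonTargetedID carries its value in a nested NameID element rather than as plain text, and an attribute sent with an empty value is treated as not released.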

...

In the interfederation/eduGAIN context there are two concepts (entity categories) that are relevant for a responsible attribute release: the GÉANT Data Protection Code of Conduct and the REFEDS Entity Category Research and Scholarship. Both are SAML entity categories, which classify Service Providers that commit to certain rules and/or meet certain requirements. The two concepts are orthogonal to each other and make it easier and safer to create attribute release rules. Therefore, it is recommended to support one or both of them.

...

If the Identity Provider successfully passed the above-mentioned Attribute Release Check (replacing the Interfederation Attribute Test), the next step could be testing access to some eduGAIN services that are open to all users of eduGAIN-enabled Identity Providers. Some of these services are listed below:

| Service | Required Attributes | Description |
|---|---|---|
| AAI Viewer Interfederation Test | email, eduPersonAffiliation, eduPersonPrincipalName, eduPersonTargetedID, eduPersonScopedAffiliation, displayName, commonName, schacHomeOrganization, schacHomeOrganizationType | This service is used to test the interfederation readiness of SWITCHaai Identity Providers. |
| eduCONF | email, displayName, givenName, commonName, surname, eduPersonPrincipalName, eduPersonTargetedID | eduCONF supports and facilitates the use and adoption of videoconferencing, simplifying the videoconference experience and reducing operational costs. It enables further integration of the NRENs' videoconferencing services within a coherent service, reduces travel costs, environmental impact and increases the awareness of Partners' videoconferencing services across Europe. |
| Foodle | email | Foodle is a generic poll and survey tool for deciding meeting dates. |
| eduGAIN Wiki | eduPersonTargetedID, eduPersonPrincipalName | This wiki provides recommendations and instructions on how to enable web services for eduGAIN. |
| AAI Attribute Viewer | preferredLanguage, email, homePostalAddress, postalAddress, homePhone, telephoneNumber, mobile, eduPersonAffiliation, eduPersonOrgDN, eduPersonOrgUnitDN, eduPersonEntitlement, surname, givenName, uid, employeeNumber, ou, eduPersonPrincipalName, eduPersonAssurance, eduPersonTargetedID, eduPersonPrimaryOrgUnitDN, primaryGroupID, isMemberOf, eduPersonNickname, eduPersonScopedAffiliation, eduPersonPrimaryAffiliation, displayName, commonName, schacHomeOrganization, schacHomeOrganizationType | Displays all available attributes of a user for debugging and informational purposes. |
| GEANT Intranet | email | A collaboration platform for GÉANT Project participants. |
| ~okeanos global | eduPersonTargetedID | ~okeanos is a brand new IaaS Service. "IaaS" stands for "Infrastructure as a Service". This means that you can build your own computer, always connected to the Internet, without worrying about hardware failures, spaghetti cables, connectivity hiccups and software troubles. |
| Moonshot Wiki | eduPersonTargetedID | Moonshot is a single, unifying technology for extending the benefits of federated identity to a broad range of non-web services. This service hosts the wiki for Moonshot, containing technical documentation, along with installation and configuration guides. |
| Shibboleth.net Wiki | cn, displayName, eduPersonPrincipalName, eduPersonTargetedID, mail | The wiki hosting the documentation for Shibboleth. Unauthenticated users may view the existing documentation. Authenticated users may create new documentation pages and edit existing ones. |