You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

SAML

Metadata registration

SAML authentication relies on the use of metadata. Both parties (you as a SP and the LifeScience IdP) need to exchange metadata in order to know and trust each other. The metadata include information such as the location of the service endpoints that need to be invoked, as well as the certificates that will be used to sign SAML messages. The format of the exchanged metadata should be based on the XML-based SAML 2.0 specification. Usually, you will not need to manually create such an XML document, as this is automatically generated by all major SAML 2.0 SP software solutions (e.g., Shibboleth, SimpleSAMLphp, and mod_auth_mellon). It is important that you serve your metadata over HTTPS using a browser-friendly SSL certificate, i.e. issued by a trusted certificate authority.

You can get the metadata of the LifeScience IdP on a dedicated URL that depends on the integration environment being used:

Development environmentProduction environment
https://saml.pilot.lifescienceid.org/proxy/saml2/idp/metadata.phpTBD

Attributes

The LifeScience IdP is guaranteed to release a minimal subset of the REFEDS Research & Scholarship attribute bundle to connected Service Providers. A more extensive list of all the attributes that may be made available to Service Providers is included in the following table:

Attribute DescriptionAttribute Friendly NameAttribute OIDAttribute Example Value
Persistent, non-reassigned, non-targeted identifier; this is always scoped @lifescienceid.orgeduPersonUniqueIdurn:oid:1.3.6.1.4.1.5923.1.1.1.13

ef72285491ffe53c39b75bdcef46689f5d26ddfa00312365cc4fb5ce97e9ca87@lifescienceid.org

Email addressmailurn:oid:0.9.2342.19200300.100.1.3john.doe@example.org
Display namedisplayNameurn:oid:2.16.840.1.113730.3.1.241John Doe
First namegivenNameurn:oid:2.5.4.42John
Family namesnurn:oid:2.5.4.4Doe
Assurance informationeduPersonAssuranceurn:oid:1.3.6.1.4.1.5923.1.1.1.11TBD
TBDeduPersonScopedAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.9TBD
One or more URIs (either URNs or URLs) that indicate rights to specific resources; URN values expressing group membership and role information use the urn:geant:lifescienceid.org:group namespace (see also AARC-JRA1.1A)eduPersonEntitlementurn:oid:1.3.6.1.4.1.5923.1.1.1.7

urn:geant:lifescienceid.org:group:examplegroup#perun.pilots.lifescienceid.org

urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup#perun.pilots.lifescienceid.org

urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup:role=manager#perun.pilots.lifescienceid.org

One or more ORCID researcher identifierseduPersonOrcidurn:oid:1.3.6.1.4.1.5923.1.1.1.16http://orcid.org/0000-0002-1825-0097


OIDC

  • No labels