Child pages
  • Migrating an SP to Global Research and Scholarship

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Existing R&S IdPs in the InCommon Federation are currently in the process of migrating to global R&S. New Likewise new R&S IdPs will be encouraged to support global R&S as well. More importantly, InCommon will soon begin importing the metadata of R&S IdPs from other federations. In anticipation of these events, existing R&S SP owners should begin to develop a migration strategy to for global R&S.

All Since all R&S SPs in the InCommon Federation now meet the requirements of the international REFEDS Research & Scholarship Entity Category specification and therefore all , R&S SPs have a multivalued R&S entity attribute in InCommon metadata. In that sense, all R&S SPs have successfully migrated to global R&S. However, if an R&S SP depends on the R&S entity attribute in IdP metadata, then additional migration steps are may be required since the entity attributes in IdP metadata will change as IdPs declare their support for global R&S.

...

Warning
titleAn R&S IdP carries a single-valued entity attribute in its metadata
An R&S IdP will carry either the incommon.org R&S tag or the refeds.org R&S tag , but not both. An SP that depends on the R&S entity attribute in IdP metadata must take this fact into account.

For example, a Shibboleth SP that restricts its discovery interface to R&S IdPs might configure the following <MetadataProvider>:

Code Block
languagexml
titleA Shib configuration that recognizes an R&S entity attribute in IdP metadata
<!--
    The following MetadataProvider attempts to refresh the 
    InCommon production metadata aggregate every hour.
-->
<MetadataProvider type="XML"
    url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
    backingFilePath="InCommon-metadata.xml" maxRefreshDelay="3600"
    legacyOrgNames="true">

  <!-- Verify the signature on the metadata file -->
  <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>

  <!--
      Require a validUntil XML attribute on the EntitiesDescriptor element
      and make sure its value is no more than 14 days into the future
  -->
  <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>

  <!--
      As the refeds.org R&S tag becomes more prevalent, the
      order of the attributes should be reversed for efficiency.
  -->
  <DiscoveryFilter type="Whitelist" matcher="EntityAttributes">
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
  </DiscoveryFilter>

</MetadataProvider>

...