...
Over time, other Internet2 services will be integrated with the Gateway.
Federation Manager
The InCommon Federation Manager uses the Google Gateway to authenticate a class of users called Delegated Administrators. The term Delegated Administration refers to the ability of a Site Administrator (who is a privileged user) to delegate responsibility for administering SP metadata to another administrator called a Delegated Administrator. A Delegated Administrator (DA) logs into the Federation Manager (FM) with a federated password, that is, the DA must have an account on an InCommon IdP. (InCommon Operations does not issue passwords to DAs.) If a site wishes to use the Delegated Administration feature of the FM, that site must deploy an IdP or use the Google Gateway.
...
You can view the applications you have consented to on your personal Google Accounts page:
If you revoke consent previously given for a particular application, the next time you attempt to access that application, you will be asked to approve the release of attributes.
...
Example. Suppose the Google IdP asserts the following email address:

    user@gmail.com

The Gateway is configured to compute the corresponding ePPN as follows:

    user+gmail.com@google.incommon.org

In other words, the value of the ePPN attribute is completely dependent on the email address obtained from Google.
...
On the other hand, the Gateway asserts an ePPN with a fixed scope (“@google.incommon.org”). No configuration at the SP is necessary since by default the SP performs scoped attribute checking based on a fixed set of <shibmd:Scope> elements in Gateway metadata. In fact, there is one such <shibmd:Scope> element in Gateway metadata, namely:

    <shibmd:Scope regexp="false">google.incommon.org</shibmd:Scope>

and so the ePPN shown above will be accepted by the SP by default. The acceptance of any other ePPN is left entirely to the discretion of the SP.
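
The mapping and the SP-side scope check described above, as an added example (not Gateway or Shibboleth code). The "@"-to-"+" rule is inferred from the single address pair shown on this page, the metadata fragment and its entityID are constructed around the page's Scope element, and exact, case-sensitive matching for regexp="false" is an assumption.

```python
import re
import xml.etree.ElementTree as ET

SHIBMD_NS = "urn:mace:shibboleth:metadata:1.0"
GATEWAY_SCOPE = "google.incommon.org"

# Constructed metadata fragment; only the shibmd:Scope element is from the page.
GATEWAY_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
                  entityID="https://gateway.example.org/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <Extensions>
      <shibmd:Scope regexp="false">google.incommon.org</shibmd:Scope>
    </Extensions>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

def gateway_eppn(email):
    """Map a Google email address to the Gateway ePPN (rule assumed from the page's example)."""
    local, at, domain = email.strip().rpartition("@")
    if not at or not local or not domain or "@" in local:
        raise ValueError("expected exactly one '@' with text on both sides")
    return f"{local}+{domain}@{GATEWAY_SCOPE}"

def load_scopes(metadata_xml):
    """Return (value, is_regex) for every shibmd:Scope element in the metadata."""
    root = ET.fromstring(metadata_xml)
    return [((el.text or "").strip(), el.get("regexp", "false") in ("true", "1"))
            for el in root.iter(f"{{{SHIBMD_NS}}}Scope")]

def scope_accepted(eppn, scopes):
    """Accept the ePPN only if the part after the last '@' matches a declared scope."""
    _, at, scope = eppn.rpartition("@")
    if not at or not scope:
        return False
    return any(
        re.fullmatch(value, scope) is not None if is_regex else value == scope
        for value, is_regex in scopes
    )
```

Because the scope is compared as a whole string, a value such as user@evil.google.incommon.org or a raw user@gmail.com is rejected by this check; only the fixed Gateway scope passes.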
...
The Internet2/InCommon Google Gateway is an instance of simpleSAMLphp (http://simplesamlphp.org/) deployed in the Amazon cloud. The Gateway is built and maintained by Cirrus Identity (http://cirrusidentity.com/).