Updating Contacts using Federation Manager

Log in to the Federation Manager as a Site Administrator (SA).

Click on the entity you wish to update to bring up the View/Edit page.

On the left navigation, click "Contacts" to bring up the Contacts information section. Update contacts as appropriate.

Remember: your metadata is not published to the InCommon metadata until you submit it for publishing using the "Submit This Entity for Publishing" button in the Review and Submit section. When you are ready to publish your metadata, don't forget to press that button.

About Contacts information in the InCommon metadata

Contacts information in metadata enables Federation participants to contact each other to coordinate interoperation setup, support, and incident response efforts. The same information, when displayed as a part of the service's (Identity Provider or Service Provider) profile, also gives the user a way to contact the service operator for support and troubleshooting.

A contact record consists of a name, a type, and an email address.

The InCommon Federation supports 4 types of contact information:

| Contact Type | Required | Description / Purpose |
|---|---|---|
| Administrative Contact | requires at least one | An Administrative Contact handles non-technical, business process related matters. Fellow federation participants and end users contact individuals in this role to address non-technical issues such as attribute release policy, on-boarding issues, privacy, assurance certification and other business operation matters. |
| Technical Contact | requires at least one | A Technical Contact responds to technical inquiries and incidents such as troubleshooting software, systems, or networking issues. To ensure a timely response and continuity, a Technical Contact should point to a technical operations group rather than an individual. |
| Security Contact | required | A Security Contact is your service's security incident response team, or at least the intake point for security incident response. Fellow federation participants contact persons in this role to coordinate security incidents involving federated access. |
| Support Contact | optional | A Support Contact is the party responsible for end-user support for your service. A Support Contact typically points to the service's help desk. While optional, it is good practice to include your service's help desk in your metadata so that, where appropriate, parties interoperating with you can direct a user to the correct support desk. |

How might these contacts be used?

Here are a number of hypothetical user scenarios that rely on contact information:

  • A user authenticates successfully at the IdP and is subsequently redirected to the SP. The SP software, seeing that the SAML assertion does not contain the desired attributes, links to the IdP's errorURL location, if available. In addition to displaying a message to the user, the SP software sends a back-channel message to an institutional administrative contact at the IdP, describing in detail the event that just occurred. The message includes a pointer to the SP's saml-metadata-requested-attributes in metadata.
  • A user encounters and reports a technical failure while accessing a service. The SP's support staff determine that the user's IdP is misconfigured (e.g., its clock is off), and inform the technical contact at the IdP.
  • A user encounters and reports a technical failure while accessing a service. The SP's support staff determine that the user's environment is at fault, and assist the user in informing the support contact at the IdP.
  • A user's credential status is downgraded due to password compromise. They reset their password, but can't get to their grant submission site. The SP's support staff determine that the user's assurance level is too low and assist the person in informing the support contact of the IdP.

See saml-mdui-contactperson for information about the XML syntax for contacts in SAML metadata.
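The contact requirements above can be checked against an entity's metadata before it is submitted for publishing. The following is an added example, not InCommon or Federation Manager code: it assumes security contacts are expressed with the REFEDS convention (contactType="other" plus a remd:contactType attribute), and the sample entity, its entityID and its addresses are constructed.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Assumption: security contacts follow the REFEDS convention, i.e.
# contactType="other" plus remd:contactType set to the URI below.
REMD_ATTR = "{http://refeds.org/metadata}contactType"
REMD_SECURITY = "http://refeds.org/metadata/contactType/security"
REQUIRED = ("administrative", "technical", "security")  # support is optional

# Constructed sample entity: it has no security contact, and its
# technical contact has no email address.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:remd="http://refeds.org/metadata" entityID="https://sp.example.org/shibboleth">
  <md:ContactPerson contactType="administrative">
    <md:GivenName>Federation Office</md:GivenName>
    <md:EmailAddress>mailto:fed-admin@example.org</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Operations Group</md:GivenName>
  </md:ContactPerson>
</md:EntityDescriptor>"""


def contact_kind(person):
    """Map a ContactPerson element to the contact type names used on this page."""
    if person.get("contactType") == "other" and person.get(REMD_ATTR) == REMD_SECURITY:
        return "security"
    return person.get("contactType")


def check_contacts(xml_text):
    """Return a sorted list of problems; an empty list means the contacts pass."""
    root = ET.fromstring(xml_text)
    seen, problems = set(), []
    for person in root.iter(f"{MD}ContactPerson"):
        kind = contact_kind(person)
        seen.add(kind)
        name = person.findtext(f"{MD}GivenName") or person.findtext(f"{MD}SurName") or ""
        email = person.findtext(f"{MD}EmailAddress") or ""
        if not name.strip():
            problems.append(f"{kind} contact has no name")
        if "@" not in email:
            problems.append(f"{kind} contact has no email address")
    problems += [f"missing required {k} contact" for k in REQUIRED if k not in seen]
    return sorted(problems)


if __name__ == "__main__":
    print("\n".join(check_contacts(SAMPLE)) or "contacts OK")
```

For the constructed sample the check reports the missing security contact and the technical contact's missing email address.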
