Attribute Release For Cohortium Services
To access either the MFA Cohortium Registry or the MFA Cohortium Wiki, your institution's Identity Provider (IdP) must release the eduPersonPrincipleName (ePPN) attribute to the new platform. Ask your IdP's administrative contact to support the Research and Scholarship Category (most preferred) or to release ePPN directly to the Registry and Wiki.
| Note |
|---|
The MFA Cohortium Registry and Wiki are Research & Scholarship (R&S) Service Providers, as shown on the InCommon Service Categories page. If your Identity Provider already supports the Research and Scholarship Category, there is nothing further you need to do. Those Identity Providers known to be releasing attributes to R&S Service Providers are also listed on the InCommon Service Categories page. |
To release ePPN directly to the Registry and Wiki, your IdP's administrative contact will need to know the following entityIDs:
- https://registry.cohortium.internet2.edu/shibboleth
- https://wiki.cohortium.internet2.edu/shibboleth
Although not required, it would be useful if your IdP also released email, first name (givenName), and last name (surname) attributes to Cohortium services.
The following is an example of the configuration that the staff managing your institutional Identity Provider would need to add to the "attribute-filter.xml" Shibboleth IdP configuration file in order to release the needed attribute (ePPN) to the Internet2 ScalePriv MFA Cohortium Collaboration (CoCoA) environment-related SPs. There are actually two examples, one that just releases ePPN, and a second one that releases ePPN plus some additional attributes that would be useful to get, if your institution is so willing. (As noted before, if your institution already releases attributes to any service that has been approved to be in the "entity category" of Research & Scholarship, nothing more is needed – none of this additional configuration is required.)
...