If you are one of the many IdPs that already supports CILogon, it is very easy to convert your CILogon configuration to a more general R&S configuration since the attribute requirements for CILogon are precisely those attributes required for support of R&S.
Software Requirements
The software requirements for the upgrade described here include Shibboleth IdP v2.3.4 or later. First read how to configure your Shibboleth IdP to support R&S before continuing.
Your current CILogon configuration probably looks something like this:
<AttributeFilterPolicy id="releaseToCILogon"> <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://cilogon.org/shibboleth"/> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="email"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="surName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> </AttributeFilterPolicy>
Now simply replace the CILogon entityID with the R&S entity attribute:
<AttributeFilterPolicy id="releaseToRandS"> <PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://id.incommon.org/category/research-and-scholarship"/> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="email"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="surName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> </AttributeFilterPolicy>
That's it, you're done. Congratulations, you've just given your users access to all R&S SPs.
To have your IdP added to the list of IdPs that support R&S, fill out this short form (just 6 questions) that declares your willingness and ability to support R&S. Once this is done, your IdP will be added to the list, normally within one business day.