
This topic is specifically designed for existing R&S IdP operators. An R&S IdP operator has two options:

  1. Migrate to the global R&S category
  2. Maintain existing attribute release policy

See the sections below for detailed configuration instructions.


Migrating to the Global R&S Category

This section is for existing R&S IdPs that want to support global Research & Scholarship by releasing attributes to all R&S SPs, including R&S SPs in other federations.

Supporting the REFEDS R&S Entity Category

To support R&S globally, an existing R&S IdP follows this simple 3-step process:

  1. Review the authoritative REFEDS Research & Scholarship Entity Category specification
    1. The requirements for an R&S IdP have not changed
    2. The requirements for an R&S SP have changed slightly (a gap analysis has been prepared for your convenience)
  2. Configure your IdP to release attributes to all R&S SPs globally (see next section)
  3. Declare your IdP's ability to support global R&S by submitting a short form

An IdP that releases attributes to all R&S SPs will be among the first group of InCommon IdPs whose metadata is exported to eduGAIN.

Configuring an IdP to Release Attributes Globally

Most of the Research & Scholarship (R&S) IdPs in the InCommon Federation are configured with a policy rule that releases attributes to R&S SPs tagged with the legacy incommon.org R&S entity attribute value:

A Shib IdP V2 rule that releases attributes to legacy R&S SPs
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

To support R&S globally, an R&S IdP should instead be configured with a policy that releases the R&S Attribute Bundle to all R&S SPs, including R&S SPs in other federations:

A Shib IdP V2 rule that releases attributes to ALL R&S SPs
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://refeds.org/category/research-and-scholarship"/>
 
<!-- for Shib IdP V3, use type saml:EntityAttributeExactMatch instead -->

For more detailed information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic.

To facilitate the migration process suggested by the previous configurations, all R&S SPs registered by InCommon now have a multivalued R&S entity attribute in metadata.

Important! For both SPs and IdPs, only the refeds.org R&S entity attribute value is exported to eduGAIN:

Exporting the R&S entity attribute

The legacy incommon.org R&S entity attribute value

http://id.incommon.org/category/research-and-scholarship

is not exported to eduGAIN. Only the refeds.org R&S entity attribute value

http://refeds.org/category/research-and-scholarship

is exported to eduGAIN!

See the R&S Entity Metadata topic for details about entity attributes in metadata.

Maintaining Existing Attribute Release Policy

This section is for existing R&S IdPs that want to continue to release attributes to R&S SPs registered by InCommon.

Configuring an IdP to Release Attributes Locally

Most of the Research & Scholarship (R&S) IdPs in the InCommon Federation are configured with a policy rule that releases attributes to R&S SPs tagged with the legacy incommon.org R&S entity attribute value:

A Shib IdP V2 rule that releases attributes to legacy R&S SPs
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

An instance of Shibboleth IdP V2 leverages the Registered By InCommon Category to retain its current attribute release policy without relying on the legacy InCommon R&S entity attribute value:

A Shib IdP V2 rule that releases attributes to R&S SPs registered by InCommon
<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
</afp:PolicyRequirementRule>

An instance of Shibboleth IdP V3 leverages either the registered-by-incommon entity attribute (as above) or the <mdrpi:RegistrationInfo> element directly, as shown in the following example:

A Shib IdP V3 rule that releases attributes to R&S SPs registered by InCommon
<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="saml:RegistrationAuthority"
      registrars="https://incommon.org"/>
</afp:PolicyRequirementRule>

For more information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic in the wiki.
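
Before switching rules, it helps to see which SPs each policy on this page would match. The following is an added example, not part of the original wiki page or of Shibboleth: a Python sketch that evaluates the legacy, global, and "registered by InCommon" (V2 and V3) rules against a small constructed metadata sample. The entity IDs and the second registrar URL are hypothetical, and the policy names in the result are labels chosen for this example.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
CATEGORY = "http://macedir.org/entity-category"
LEGACY = "http://id.incommon.org/category/research-and-scholarship"
REFEDS = "http://refeds.org/category/research-and-scholarship"
REG_TAG = "http://id.incommon.org/category/registered-by-incommon"
REGISTRAR = "https://incommon.org"

# Constructed sample metadata: hypothetical SPs, not real federation entries.
def _sp(entity_id, registrar, values):
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>'
            f'<mdrpi:RegistrationInfo registrationAuthority="{registrar}"/>'
            f'<mdattr:EntityAttributes><saml:Attribute Name="{CATEGORY}">{vals}'
            f'</saml:Attribute></mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>')

SAMPLE = ('<md:EntitiesDescriptor ' + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + '>'
    + _sp("https://sp1.example.edu/shibboleth", REGISTRAR, [LEGACY, REFEDS, REG_TAG])
    + _sp("https://sp2.example.org/shibboleth", "https://federation.example.net", [REFEDS])
    + _sp("https://sp3.example.edu/shibboleth", REGISTRAR, [REG_TAG])
    + '</md:EntitiesDescriptor>')

def evaluate(metadata_xml):
    """Return {entityID: {policy label: bool}} for the rules shown on this page."""
    results = {}
    for ed in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}EntityDescriptor"):
        cats = {v.text.strip() for a in ed.iterfind(".//mdattr:EntityAttributes/saml:Attribute", NS)
                if a.get("Name") == CATEGORY
                for v in a.iterfind("saml:AttributeValue", NS) if v.text}
        rpi = ed.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        registrar = rpi.get("registrationAuthority") if rpi is not None else None
        results[ed.get("entityID")] = {
            "legacy": LEGACY in cats,                               # legacy V2 rule
            "global": REFEDS in cats,                               # rule for ALL R&S SPs
            "local_v2": REFEDS in cats and REG_TAG in cats,         # basic:AND, V2
            "local_v3": REFEDS in cats and registrar == REGISTRAR,  # basic:AND, V3
        }
    return results

if __name__ == "__main__":
    for entity, decisions in evaluate(SAMPLE).items():
        print(entity, decisions)
```

Run it against a signature-verified copy of the federation metadata aggregate rather than the sample to list the SPs that gain or lose attribute release under each rule.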

 
