
Purpose

This document describes the procedure used by a Shibboleth Service Provider (SP) operator to register their SP metadata with the UW.

Background

In order for an SP to work with an IdP, the SP and IdP must have information about each other. This information is referred to as metadata. During the installation process for Windows/IIS or Linux/Apache, the SP is configured to retrieve the UW IdP metadata from InCommon. The SP operator provides their SP metadata to the UW IdP via the UW Service Provider Registry (SP Registry). By registering with the UW, your SP will be able to authenticate users with UW NetIDs.

If your SP needs to authenticate users from additional InCommon federation sites, you should request registration with InCommon instead.

Registration overview

Registration involves several steps:

  1. Verify that you are permitted to register and manage your SP in the SP Registry. 

    • Your SP's DNS domain is registered in UW DNS and you are registered with the UW NOC as an owner of that domain,
      or
    • Your SP's DNS domain is NOT registered in UW DNS, but you have registered with us as an owner of the DNS domain. If you need to register your DNS ownership with us, send an email to iam-support@uw.edu with your SP's domain name and a list of the UW NetIDs (UW people) or ePPNs (external people) that should be listed as owners of the domain for SP registration purposes.

  2. Gather metadata details about your SP.

    • These details include your SP's certificates, ACS endpoints, etc.
    • If your SP's Metadata endpoint is accessible to the SP Registry, most of this information will be filled in automatically when you register. There is normally no reason not to make this information accessible to the world.

      By default your Metadata endpoint is located at https://<your dns name>/Shibboleth.sso/Metadata

    • Otherwise you will have to fill in the details yourself.

  3. Gather information about you and your organization.
    • This includes your organization's name and web address, site administrators' names and email addresses, etc.

  4. Use the SP Registry application to submit the new registration.

Registration procedure

At the SP Registry:

  1. Click "New service provider"

  2. Choose a retrieval method.
    • Enter your SP's DNS name and press "Lookup"
      • The SP Registry will retrieve your metadata.
    • If the metadata lookup is not possible, select "Do it manually".

  3. Enter your organization information.

  4. Enter the name, email address, and phone number for at least one contact

  5. Verify that the other metadata is correct for your installation.

    Complex installations, including any with multiple applications, will require manual additions to the generated text.

    • If you chose the manual option, enter the details now.

  6. Click "Create"
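
A pre-registration check for "Gather metadata details" and step 5 above, as an added example that is not part of the original page or the SP Registry's own code: it parses the XML your SP serves at /Shibboleth.sso/Metadata and lists the entityID, certificates, and ACS endpoints so you can compare them with what the SP Registry displays. The host names, the sample metadata, and the two review checks (HTTPS, ACS host equal to the SP's DNS name) are assumptions made for illustration, not SP Registry rules.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of an SP Metadata endpoint response (placeholder certificate).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate> CONSTRUCTED-PLACEHOLDER-CERT </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.edu/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://app2.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_text, sp_dns_name):
    """Extract the details the registration form asks for and flag items to review."""
    root = ET.fromstring(xml_text)  # your own SP's metadata, fetched or saved locally
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("document is not SAML SP metadata")
    # A KeyDescriptor without a 'use' attribute applies to signing and encryption.
    certs = [(kd.get("use", "signing+encryption"), "".join((c.text or "").split()))
             for kd in sp.findall("md:KeyDescriptor", NS)
             for c in kd.findall(".//ds:X509Certificate", NS)]
    acs = [(a.get("index"), a.get("Binding"), a.get("Location"))
           for a in sp.findall("md:AssertionConsumerService", NS)]
    problems = []
    if not certs:
        problems.append("no certificate found")
    if not acs:
        problems.append("no ACS endpoint found")
    for index, _binding, location in acs:
        url = urlsplit(location or "")
        if url.scheme != "https":  # review check assumed for this example
            problems.append(f"ACS index {index} is not https")
        if (url.hostname or "").lower() != sp_dns_name.lower():
            problems.append(f"ACS index {index} host {url.hostname} differs from {sp_dns_name}")
    return {"entity_id": root.get("entityID"), "certificates": certs,
            "acs": acs, "problems": problems}
```

Save your Metadata endpoint's output to a file and pass its text in place of SAMPLE_METADATA, with your SP's DNS name as the second argument. An entry in "problems" is a prompt to look at that endpoint before clicking "Create", for example a second application that needs the manual additions mentioned in step 5.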



Allow about an hour for your SP information to propagate to the UW IdP. Testing won't work until this completes. See Flow of Metadata and Filter Policies from SP Registry to the IdP.

Maintenance of your registration

It is important for communication between our IdP and your SP, and between our administrators and yours, that your information be kept up to date. Return to the SP Registry at any time to update your SP's information. At the SP Registry:

  1. Click "Service providers"

  2. Select your SP
    • Use the search feature to refine the list

  3. Click "Edit"

  4. Update your information as needed and click "Save changes"