
Purpose

This document describes the procedure used by a Shibboleth Service Provider (SP) operator to request registration of their SP metadata with InCommon.

Background

In order for an SP to work with an IdP, the SP and IdP must have information about each other. This information is referred to as metadata. During the installation process for Windows/IIS or Linux/Apache, the SP is configured to retrieve IdP metadata from InCommon. If the SP needs to authenticate users from InCommon federation sites, the SP operator needs to have their SP metadata registered with InCommon. By registering with InCommon, your SP will be able to authenticate users from the UW (an InCommon site) as well as from other InCommon federation members.

If your SP only needs to authenticate users from the UW and no other InCommon sites, you should just register with the UW instead. 

Procedure - Request Registration with InCommon

  1. Download your SP metadata from your metadata endpoint at https://<your dns name>/Shibboleth.sso/Metadata
  2. Send an email to iam-support@uw.edu that includes the following:
    1. The name and email address of at least one SP contact. Up to three contacts are supported and we strongly recommend providing at least two. Each contact should be designated as a Technical, Administrative, or Support contact. (Required)
    2. A user-friendly display name for your SP. (Required)
    3. A brief description (140 characters or less) of the service your SP provides. (Recommended)
    4. A URL where someone can go to read more about your service. (Recommended)
    5. A URL for an online privacy statement. UW SPs should generally use the official UW Online Privacy Statement (http://www.washington.edu/online/privacy). The UW Online Privacy Statement might not always be appropriate for UW-hosted SPs that represent consortia or other collaborative activities with other universities. (Recommended)
    6. A URL for a logo that represents your service (must be an https URL). Please provide the width and height (in pixels) of your logo. (Recommended) Logo guidelines:
      1. Have a transparent background
      2. Have a landscape orientation (width > height)
      3. Have a minimum width of 100 pixels
      4. Have a minimum height of 75 pixels and a maximum height of 150 pixels (or the application will scale it proportionally)
    7. If you will be using the Centralized Discovery Service software (WAYF/IdP chooser) or another discovery service that uses the IdP discovery protocol, please include your "DiscoveryResponse" endpoint(s).
    8. Indicate whether your SP will require any of the following attributes to be released from InCommon IdPs. (Recommended):
      1. common name (cn)
      2. displayName
      3. eduPersonAffiliation
      4. eduPersonEntitlement
      5. eduPersonPrincipalName (ePPN)
      6. eduPersonScopedAffiliation
      7. eduPersonTargetedID (ePTID)
      8. givenName
      9. mail
      10. organizationName (o)
      11. surname (sn)
    9. Attach your metadata file to the email (Required). 
  3. A UW InCommon site admin will register the metadata on your behalf and let you know when that is done or if they have questions.
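
As an added example (not part of the original page and not UW or InCommon tooling), the Python script below checks a draft request against the requirements listed in step 2 and pulls the entityID and "DiscoveryResponse" endpoints out of the downloaded metadata file. The function names, the dict keys and the sp.example.edu sample metadata are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "idpdisc": "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"}
CONTACT_TYPES = {"Technical", "Administrative", "Support"}

# Constructed sample metadata; sp.example.edu is a placeholder host.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisc:DiscoveryResponse
          xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          Location="https://sp.example.edu/Shibboleth.sso/Login" index="1"/>
    </md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def discovery_endpoints(metadata_xml):
    """Return (entityID, [DiscoveryResponse Location, ...]) from SP metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    locs = [e.get("Location") for e in root.findall(".//idpdisc:DiscoveryResponse", NS)]
    return root.get("entityID"), locs

def check_request(req):
    """Return a list of problems with the registration details in req (a dict)."""
    problems = []
    contacts = req.get("contacts", [])
    if not 1 <= len(contacts) <= 3:
        problems.append("provide one to three contacts")
    if any(c.get("type") not in CONTACT_TYPES or not (c.get("name") and c.get("email")) for c in contacts):
        problems.append("each contact needs a name, an email and a contact type")
    if not req.get("display_name"):
        problems.append("display name is required")
    if len(req.get("description", "")) > 140:
        problems.append("description exceeds 140 characters")
    logo = req.get("logo")
    if logo:
        w, h = logo["width"], logo["height"]
        if urlparse(logo["url"]).scheme != "https":
            problems.append("logo URL must be https")
        if w <= h or w < 100:
            problems.append("logo must be landscape and at least 100 pixels wide")
        if not 75 <= h <= 150:
            problems.append("logo height should be 75-150 pixels or it will be scaled")
    return problems
```

Read the metadata file you saved in step 1 and pass its contents to `discovery_endpoints` to confirm the entityID and endpoints match what you intend to register.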

Note: The information you provide will be displayed on a public web page at InCommon (https://incommon.org/federation/info/all-entities.html#SPs). It will also be consumed by InCommon IdPs and optionally displayed on help pages or error pages when one of their users attempts to access your SP.

See Flow of Metadata from InCommon to the UW IdP for information on when InCommon publishes updated metadata and when it becomes available to the UW IdP.

If you need to update your SP registration in InCommon or have it deleted, send an email to iam-support@uw.edu with a list of the changes you require. Attaching your updated metadata file will help avoid any miscommunications when requesting updates to your registration.
