You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »


You can register your service with the GEANT SAML proxy, so that it can use the existing authentication options such as eduGAIN, social media, guest IdPs, etc.

The SAML proxy has the Research and Scholarship entity category, and as a result  downstream services should not conflict with this, and use similarly compatible protocols:

For instance:

Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part.

Example Service Providers may include (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively. This Entity Category should not be used for access to licensed content such as e-journals.

And:


The Service Provider is a production SAML deployment that supports SAML V2.0 HTTP-POST binding.


Required information



InformationDescriptionExample
Technical contact
  • authentication issues
  • security issues
  • privacy issues
support@it.geant.org
Support contact

"Generic" support questions for the actual service

  • how does it work

Usually the application administrators or the teams that run it.

support@it.geant.org
Service name

Very short name to be shown in user interfaces.

GÉANT Wiki
Service description

Longer descriptive text, for instance with details like:

  • intended audience
  • its status (production, testing)
  • when it was set up
  • the software type/version it runs
Atlassian Confluence wiki, production instance.
Service URLThe actual URL to the main servicehttps://wiki.geant.org
MetadataValid SAML2.0 metadata

a URL to the XML metadata (preferred), or an XML metadata file.

Note that a public list of all connected services will be made publicly available. This mean that services can not be "hidden".

Supplied information

The SAML proxy will always provide the following attributes to its downstream services:

SAML attributeexample valueremarks
uidfederated-user-1234Unique user ID, always available.
mailuser@domainDefaults to the string 'invalid_email_needs_updating' if none was provided by the upstream IdP
displayNameRobert WagnerDefaults to the string 'first_name last_name' or similar if bit aren't provided by the upstream IdP
isMemberOf

  • GN_Services:GN Project Participants

  • GN4Phase3:WPs:WP9

  • GN4Phase1:SAs:GN4-1_SA3-T4

Multivalued attribute listing the CAMS group memberships.
  • No labels