One point of correction on this - Identity Providers (institutions) will
need to join the UK Federation to use the gateways. More information can be
found here:
http://www.ukfederation.org.uk/content/Documents/OutsourcedProvider.
If anyone is making use of the gateways without being a member of the
Federation, please contact the Federation helpdesk as soon as possible:
[log in to unmask]: membership of the Federation for Identity
Providers is a requirement of the SLA that we hold with Eduserv for this
service.
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Alistair Young
Sent: 05 April 2007 15:14
To: [log in to unmask]
Subject: Re: Shibboleth for Athens authentication
Andy,
you don't need to join the UK federation. The gateway is separate from
that. All you need is eduPersonTargetedId and userRole (if you use Athens
permission sets).
You also have to give them a test account on your IdP.
I've attached a doc describing how to access My Athens via Shibboleth. I
prepared it for our Athens Shibboleth Gateway pilot.
The other way of accessing Athens resources is via their individual
gateway URLs. These are not user friendly! so we're setting up an
intermediary service to simplify librarians linking directly to Athens
resources.
In time though, the resources behind the gateway are meant to migrate to
the UK federation.
hope this helps,
Alistair
--
mov eax,1
mov ebx,0
int 80h
> Hi,
>
> We're at the early stage of planning a Shibboleth deployment. I've
> just found the "Shibboleth - Athens integration guide" at
> http://www.athensams.net/upload/athens/pdf/shib-athens-integration1.0.pdf
> which is very helpful. Could you folks just confirm that I've got this
> correct:
>
> If I want to deploy Shibboleth initially just to replace our Athens DA
> access to resources, all (!) I have to do is to
>
> deploy an IDP,
> set up our eduPerson attributes
> join the UK Federation
> register to use the gateway
> complete the testing as specified in the above doc
> and.....
>
> what is then required to changeover from using Athens DA to Shib, is it
> just Eduserve swapping the URL they used to redirect people to to that
> of the IDP? (Sorry if this is a dumb question I have previously had
> little involvement in this end of things).
>
> I was greatly encouraged in "section 2. Preparation" which says:
>
> "With appropriate planning and preparation, it is possible to configure
> a Shibboleth identity
> provider (IdP) to access the Athens gateway in just a few days."
>
> :-)
>
> Cheers
> Andy Swiffin
> Dundee University
>
----------------------------------------------------------------------
Anything in this message which does not clearly relate to the official
work of the sender's organisation shall be understood as neither given
nor endorsed by that organisation.
----------------------------------------------------------------------
|