Hi Alistair,
The WAYF service can read the metadata files from the federation, and
can accumulate metadata from several federations. So once you have
access, the changes you make to your IdP service should generally only
need to be passed as far as the federation. (You may have to then wait
for a while until each supplier updates their metadata from the
federation, but this isn't likelyt ot take too long.)
Suppliers are unlikely to just trust every federation member for every
federation they deal with (the UK federation includes some open identity
providers, which anyone can create accounts with over the web), so the
process is really one of establishing trust between you and ensuring
that you meet any additional requirements beyond those you have to meet
as part of the federation. This will probably include use of attributes
to get particular services, as the UK Federation does not mandate the
use of particular attributes for particular purposes, leaving this
decision up to individual SPs and IdPs. I run an SP in the federation
which requires eduPersonPrincipalName for access to some of the
applications we host, for example, and there are not all that many SPs
which do the same (so far).
Cheers,
Simon
Alistair Young wrote:
> so it's not enough to join the uk fed, we have to also contact all our
> suppliers and get ourselves added to their particular shibb interface?
> or will the suppliers listed as being members of the uk federation be
> able to be accessed via the federation and its metadata? Then again,
> that's a fair amount of overhead for a supplier to deal with, multiple
> federation metadata. And if our metadata changes, we have to notify
> the fed and all our shibb enabled suppliers? We have two so far
> (RefWorks and ScienceDirect) and neither seem to "support" the uk fed.
>
> Alistair
>
> On 24 Jan 2008, at 14:27, Nicole Harris wrote:
>
>> Hi Alistair
>>
>> It's a process mainly used by SPs who use their own WAYF. You need
>> to inform the SP to get yourself added to the their WAYF if they are
>> doing so. In terms of whether that has a national layer to depends
>> on how the SP has set their WAYF up!
>>
>> N.
>>
>> Alistair Young wrote:
>>>
>>> out of interest, what determines that list? We subscribe to
>>> ScienceDirect and we're in the uk federation. I noted that RefWorks
>>> has a shibb login option, with Washington as the sole entry. Is this
>>> heralding another layer to navigate? Login via shibboleth but first
>>> choose which federation you're in?
>>>
>>> Alistair
>>>
>>> On 24 Jan 2008, at 14:11, Roberts A.L. wrote:
>>>
>>>> Dear List,
>>>>
>>>> We are in the process of testing access to various SPs at the mo,
>>>> one of which is Science Direct. We’ve been added as an institution
>>>> that can login via shib. Problem is that when I try and log into
>>>> the service the SP SHIRE is failing with the following message:
>>>> Inter-institutional Access System Failure
>>>> The inter-institutional access system experienced a technical
>>>> failure at Thu Jan 24 08:12:28 2008
>>>> "><!-- Unknown SHIBMLP key: originErrorURL/>.
>>>> Please include the following error message when reporting the problem:
>>>> SHIRE failure at (https://sdauth.sciencedirect.com/SHIRE)
>>>> Session Creation Error: unable to verify signed profile response
>>>> ---------------------
>>>>
>>>> According to the Science Direct login page the following
>>>> institutions are all valid to login via their IdPs. Has anyone from
>>>> these sites had a similar problem?
>>>>
>>>> Aberystwyth University
>>>> Cardiff University
>>>> JISC project: Angel
>>>> London School of Economics and Political Science
>>>> Thames Valley University
>>>> University College London
>>>> University of Abertay Dundee
>>>> University of Bath
>>>> University of Bristol
>>>> University of Cambridge
>>>> University of Leeds
>>>> University of Oxford
>>>>
>>>> Just for info I’ve already contacted the UK Fed people and they
>>>> have checked that the IdP setup is right at our end and I have sent
>>>> a request to SD asking for the log entries that correspond to our
>>>> failed login attempt.
>>>>
>>>> AL
>>>>
>>>> Mr. Alexander Roberts
>>>> Web Development Officer
>>>> Library and Information Services
>>>> Swansea University/Prifysgol Abertawe
>>>> +44 (0)1792 513239
>>>>
>>>
>>> --------------
>>> mov eax,1
>>> mov ebx,0
>>> int 80h
>>
>> --
>> Nicole Harris
>> Senior Services Transition Manager
>> JISC Executive
>> Brettenham House (South Entrance)
>> 5, Lancaster Place
>> London WC2E 7EN
>>
>> Tel: 02030066035
>> Mob: 07734058308
>>
>>
>> ----------------------------------------------------------------------
>> Anything in this message which does not clearly relate to the official
>> work of the sender's organisation shall be understood as neither given
>> nor endorsed by that organisation.
>>
>>
>> ----------------------------------------------------------------------
>>
>>
>
> --------------
> mov eax,1
> mov ebx,0
> int 80h
>
Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm
|