...

For Identity Providers:

  1. Join SIFULAN Federation
  2. Connecting as an Identity Provider (IdP)
  3. For Shibboleth Identity Providers
  4. Register IdP Metadata

For

...

For Service Providers:

  1. Join SIFULAN Federation
  2. Connecting as a Service Provider (SP)
  3. Register SP Metadata

...

Connecting as an Identity Provider (IdP):

Identity Provider Requirements:

  • Member of SIFULAN Federation
  • Single Sign-On system such as Shibboleth IdP or SimpleSAMLphp, and a Directory Service such as LDAP, AD, etc.
  • Provide, at minimum, the following attributes:
    • displayName (urn:oid:2.16.840.1.113730.3.1.241)
    • email (urn:oid:0.9.2342.19200300.100.1.3)
    • eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)
    • eduPersonAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.1)
    • eduPersonTargetedID (urn:oid:1.3.6.1.4.1.5923.1.1.1.10)
    • organizationName (urn:oid:2.5.4.10)
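
One way to check a test login against this list, as an added example (not part of the SIFULAN documentation): the script parses a SAML AttributeStatement and reports which required attributes are absent or released empty. The sample statement, the helper `attribute_xml` and the function `missing_attributes` are constructed for illustration, and it assumes attributes are released with the OID URN as their `Name`, as listed above.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Required attributes, copied from the list above (name -> OID URN).
REQUIRED = {
    "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
    "email": "urn:oid:0.9.2342.19200300.100.1.3",
    "eduPersonPrincipalName": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
    "eduPersonAffiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
    "eduPersonTargetedID": "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
    "organizationName": "urn:oid:2.5.4.10",
}

def attribute_xml(oid, value_xml):
    # Hypothetical helper used only to build the constructed sample below.
    return ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
            '</saml:AttributeValue></saml:Attribute>' % (oid, value_xml))

# Constructed sample (not real data): email is released empty,
# organizationName is not released at all, and eduPersonTargetedID carries
# its value as a nested NameID element rather than as text.
SAMPLE = (
    '<saml:AttributeStatement xmlns:saml="%s">' % NS
    + attribute_xml(REQUIRED["displayName"], "Test User")
    + attribute_xml(REQUIRED["email"], "")
    + attribute_xml(REQUIRED["eduPersonPrincipalName"], "tuser@idp.example.org")
    + attribute_xml(REQUIRED["eduPersonAffiliation"], "staff")
    + attribute_xml(REQUIRED["eduPersonTargetedID"],
                    '<saml:NameID>constructed-opaque-id</saml:NameID>')
    + '</saml:AttributeStatement>'
)

def missing_attributes(statement_xml):
    """Return sorted names of required attributes that are absent or empty."""
    root = ET.fromstring(statement_xml)
    present = set()
    for attr in root.iter("{%s}Attribute" % NS):
        for value in attr.findall("{%s}AttributeValue" % NS):
            # A value counts if it has text or a child element (NameID).
            if (value.text or "").strip() or len(value):
                present.add(attr.get("Name"))
    return sorted(n for n, oid in REQUIRED.items() if oid not in present)

if __name__ == "__main__":
    print("Missing or empty:", missing_attributes(SAMPLE))
```

This only checks attribute coverage; it does not validate the assertion's signature, so run it on statements taken from an SP that has already done so.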

...

  1. Log in to the SIFULAN Federation registry system (the login account will be provided once the IdP becomes a SIFULAN Federation member),
  2. Wait for the Federation Administrator to approve the new organisation,
  3. Set up your Shibboleth Identity Provider here using your newly created Organisation in Identity Provider Description,
  4. Select the appropriate attributes that the Identity Provider will supply,
  5. Submit the request and wait for approval via email.

Once you receive the confirmation email, connect to the Federation Registry and become the administrator for both the Organisation and Identity Provider.
Follow the instructions given by the confirmation emails of both the Organisation and Identity Provider to complete this process.

Adding IdP metadata to the Federation metadata: 

Please follow the tutorial at the following link to register your IdP metadata.

Note: Your identity provider will become active within the SIFULAN Federation 24 hours after approval.

...

Production Federation Metadata: https://sifulan.my/metadata/metadata.xml
Metadata Signing Certificate: https://sifulan.my/metadata/sifulan-signer.pem
SIFULAN Federation Discovery Service: https://sifulan.my/DS/WAYF

...

Connecting as a Service Provider (SP):

Service Provider Requirements:

  • Member of SIFULAN Federation

...

  • The Service Provider's metadata will need to be added to the production Federation metadata.
  • Currently, only Shibboleth SP and SimpleSAMLphp are supported by the Federation.

Adding SP metadata to the Federation metadata: 

(DO NOT use the following steps if your Service Provider is ADFS or is unable to handle multiple entities within its metadata)

  1. Log in to the SIFULAN Federation registry system (the login account will be provided once the SP becomes a SIFULAN Federation member),
  2. Wait for the Federation Administrator to approve the new organisation,
  3. Set up your Service Provider here using your newly created Organisation in Service Provider Description,
  4. Select the attributes that the SP requires and provide reasoning as to why the specific attributes are needed,
  5. Submit the request and wait for the approval email.

Once you receive the confirmation email, connect to the Federation Registry and become the administrator for both the Organisation and Service Provider.
Follow the instructions given by the confirmation emails of both the Organisation and Service Provider to complete this process.

Please follow the tutorial at the following link to register your SP metadata.

Note: Your service provider will become active within the SIFULAN Federation 24 hours after approval.

Local Shibboleth SP configuration: 

...