...
Warning |
---|
NOTE WELL |
SWAMID WebSSO Service Provider
How to provide services to users associated with SWAMID members
Is your service provider already published to the interfederation eduGAIN by another federation?
...
Review and decide to accept the SWAMID Metadata Terms of Use (ToU). If you accept the ToU you do not need to communicate this to SWAMID Operations.
- We tag Service Providers with entity categories and encourage our IdPs to use them for attribute release. Please read through our 4.1 Entity Categories for Service Providers and decide which apply best for you. Please provide a motivation for your choice as described in the defined request processes for each entity category! SWAMID has a defined Attribute Profile that describes the normal use of attributes within the federation.
- Email SWAMID Operations to register and publish metadata for the service provider. This step implies acceptance of the ToU and constitutes a legally binding agreement to abide by the ToU. Please look into step 4 in the Shibboleth Service Provider installation instructions below to make your service provider work better with users within the federation and inter-federations.
- Integrate SWAMID Metadata into the service provider and optionally configure use of the SWAMID Discovery Service.
How to install a Shibboleth Service Provider
Step 1 - Installing a Web Server
- 1.1 Installing Apache Web Server 2.0 or higher with for Shibboleth Service Provider
- 1.2 Configuring Apache Web Server to use Shibboleth
- Installing IIS for MS windows 7.0 or higher
- 1.3 Configuring IIS for MS windowsDocker Image with apache and shibboleth
Step 2 - Installing Shibboleth Service Provider
- Installera - Linux med PKG
- Installera Shibboleth SP - Linux med RPM
- Installera Shibboleth SP - Windows med webbservern IIS
Step 3 - Configuring Shibboleth Service Provider for use in the SWAMID federation
- 3.1 Configure Shibboleth SP - shibboleth2.xml
- 3.2 Configure Shibboleth SP - attribute-map.xml
- 3.3 Configure Shibboleth SP - Check for Identity Assurance How to inform user of missing required attributes when accessing a serviceor REFEDS SIRTFI
- 3.4 Configure Shibboleth SP - Automatically validate metadata with ws-* extensions for ADFS IdPs
Step 4 - Get
...
When you got your web service ready with a installed and running Service Provider you need to make it easier for the users to use your service. The hardest step is to make the identity providers to release needed attributes to your service. This can be done in two different ways and you need to do both of them.
...
the correct attributes from Identity Providers
To make the login work smoother for your users you need to get the right attributes from the Identity Providers. To make it more easy to get the right attributes you need to follow the instructions below.
- 4.1 Entity Categories for Service Providers is used to enable support for automatic attribute release from Identity Providers.
- 4.2 How to inform user of missing required attributes when accessing a service.
- 4.3 Service Provider Metadata Extensions for Login and Discovery User Interface (MDUI) enhance user experience in Identity Providers and Discovery Services.
- 4.4 If your service shall be available within the international academic identity federations inform SWAMID Operations that your Service Provider shall be exported to eduGAIN.
...
- 4.5 If nothing else helps or you need special attributes that is not part of entity categories contact the Identity Providers that you've
...
- users from and
...
- that
...
- doesn't release needed attributes
...
- .
Step 5 - Register your Service Provider metadata in SWAMID
- When you your Service Provider is ready for production you must register your metadata with SWAMID. Please send the metadata file to SWAMID Operation together with the extra metadata information from step 4.
...
Don't forget to enhance user experience with Service Provider Metadata Extensions for Login and Discovery User Interface (MDUI). Look at the example to understand what the MDUI information can do with the user experience. More information and good practice for how to design a good login user interface can be found in the REFEDS login and discovery guidelines.
Example of MDUI use in an Identity Provider. The text (title and description) on the right is provided by Service Provide MDUI elements in SWAMID metadata for the service "Medarbetarportalen".
Children Display | ||
---|---|---|
|