Federation Registry

Federation Registry

Create a new Service Provider

Have you heard of AAF Rapid Connect?

If you're considering launching a service in the AAF then Rapid Connect might be for you.

Benefits

  • There is no need to install a Shibboleth SP on your webserver;
  • It natively integrates into commonly used development languages;
  • PaaS solutions like Heroku, Google App Engine and Pagoda become suitable deployment targets for AAF services;
  • Attributes are already defined in logical sets, there is no approval process for attributes; and
  • Integration code is minimal, simple to write and easy to test.

If you'd like to use Rapid Connect there is no need to register below. Simply visit the Rapid Connect website and follow the Get Started guide for developers.

To create a Service Provider you need the following:

  • Contact details for the Service Provider to advertise to the federation.
  • Common details such as the Organisation owning the service provider, a display name and description to advertise and explain the service to end users, the URL to access the service and optionally a service logo
  • The technology stack being used. If you are using Shibboleth you will only need the hostname. If using another implementation you will need to collect the URLS for all SAML 2 endpoints it supports
  • The Public Key your Service Provider will use to sign and encrypt assertions in the federation. This must have a CN that is equal to your Service Providers hostname and be self signed
  • A list of the attributes your Service Provider requires to operate. These are defined as 'required' and 'optional'. The fewer required attributes your service has the more Identity Providers you will be compatible with. Additionally a reason for requesting each attribute must be provided which will be presented to users to help them understand how the service will utilize their private data

With the above details ready we estimate this process will take around 20 minutes to complete.


1. Primary Contact

Please enter the details you wish to advertise to the federation as the primary contact for this service provider.


2. Service Provider Description

Please select the organisation this service provider belongs to and provide descriptive information below. This will be used in several locations throughout the federation.


3. SAML Configuration

The following information will be used by identity providers and end users alike to connect to your service provider.

Easy registration using defaults

For administrators of commonly used service provider software we've created an easy registration route. Simply select the software type and provide the URL of your service. e.g: https://sp.example.edu.au.

    Shibboleth Service Provider (1.x)  Not available, please contact support.

OR

Advanced SAML 2 registration

Tweak the values created using the easy mode above or if you're using a different SAML 2 implementation all together provide your details from scratch here.


Index:
Binding: SAML:2.0:bindings:HTTP-POST
Index:
Binding: SAML:2.0:bindings:HTTP-Artifact


Binding: SAML:2.0:bindings:HTTP-Artifact

Binding: SAML:2.0:bindings:HTTP-Redirect

Binding: SAML:2.0:bindings:SOAP

Binding: SAML:2.0:bindings:HTTP-POST


Binding: SAML:profiles:SSO:idp-discovery-protocol


Binding: SAML:2.0:bindings:HTTP-Artifact

Binding: SAML:2.0:bindings:HTTP-Redirect

Binding: SAML:2.0:bindings:SOAP

Binding: SAML:2.0:bindings:HTTP-POST

4. Public Key Certificate

The public key certificate details you provide below will be used for message signing and encryption between your service provider and identity providers in the federation. You should provide your public key certificate in PEM format to allow us to ensure the certificate is valid.


5. Requested Attributes

Please nominate the attributes this service requires to operate and mark them required if they form an absolute pre-requisite for your service to operate correctly. For each attribute you request a valid reason must be provided which will be reviewed by federation administrators before final approval.

Required attributes are those without which a service cannot function. Keep this list as small as possible for maximum compatibility with identity providers.

Name Category Requested Reason for requesting Required
auEduPersonSharedToken
oid:1.3.6.1.4.1.27856.1.2.5

A unique identifier enabling federation spanning services such as Grid and Repositories
Core
commonName
oid:2.5.4.3

An individuals common name, typically their full name. This attribute should not be used in transactions where it is desirable to maintain user anonymity.
Core
displayName
oid:2.16.840.1.113730.3.1.241

Preferred name of a person to be used when displaying entries. This attribute should not be used in transactions where it is desirable to maintain user anonymity.
Core
eduPersonAffiliation
oid:1.3.6.1.4.1.5923.1.1.1.1

Specifies the persons relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.
Core
eduPersonAssurance
oid:1.3.6.1.4.1.5923.1.1.1.11

This attribute represents identity assurance profiles (IAPs), which are the set of standards that are met by an identity assertion, based on the Identity Providers identity management processes, type of auth credential used, binding strength, etc.
Core
eduPersonScopedAffiliation
oid:1.3.6.1.4.1.5923.1.1.1.9

This attribute enables an organisation to assert its relationship with the user.
Core
eduPersonTargetedID
oid:1.3.6.1.4.1.5923.1.1.1.10

A persistent, non-reassigned, privacy-preserving identifier for a principal shared between a pair of coordinating entities
Core
email
oid:0.9.2342.19200300.100.1.3

E-Mail: Preferred address for e-mail to be sent to this person
Core
organizationName
oid:2.5.4.10

Standard name of the top-level organization (institution) with which the user is associated.
Core
auEduPersonAffiliation
oid:1.3.6.1.4.1.27856.1.2.1

Specifies a persons relationship to the institution in broad categories but with a finer-grained set of permissible values than eduPersonAffiliation.
Optional
auEduPersonLegalName
oid:1.3.6.1.4.1.27856.1.2.2

The users legal name, as per their passport, birth certificate, or other legal document
Optional
businessCategory
oid:2.5.4.15

Business Caregory
Optional
departmentNumber
oid:2.16.840.1.113730.3.1.2

Department Number
Optional
division
oid:1.2.840.113556.1.4.261

Division
Optional
eduPersonOrcid
oid:1.3.6.1.4.1.5923.1.1.1.16

The ORCID is a persistent digital identifier that distinguishes the account holder from every other researcher.
Optional
eduPersonPrimaryAffiliation
oid:1.3.6.1.4.1.5923.1.1.1.5

Specifies the persons PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc.
Optional
eduPersonPrincipalName
oid:1.3.6.1.4.1.5923.1.1.1.6

eduPerson per Internet2 and EDUCAUSE
Optional
employeeNumber
oid:2.16.840.1.113730.3.1.3

Numerically identifies an employee within an organization
Optional
givenName
oid:2.5.4.42

Given name of a person
Optional
homeOrganization
oid:1.3.6.1.4.1.25178.1.2.9

Users Home Organization
Optional
homeOrganizationType
oid:1.3.6.1.4.1.25178.1.2.10

Type of Organization the user belongs too
Optional
mobileNumber
oid:0.9.2342.19200300.100.1.41

Mobile phone number
Optional
organizationalUnit
oid:2.5.4.11

OrganizationalUnit currently used for faculty membership of staff
Optional
postalAddress
oid:2.5.4.16

Business postal address: Campus or office address
Optional
schacPersonalUniqueID
oid:1.3.6.1.4.1.25178.1.2.15

Specifies a "legal unique identifier " for the subject it is associated with.
Optional
surname
oid:2.5.4.4

Surname or family name
Optional
telephoneNumber
oid:2.5.4.20

Office or campus phone number of the individual
Optional

6. Service provider ready to be registered

You've now supplied all data required to register a new service provider. If you'd like to change anything or review your input please do so now. When you are ready to finalise your registration click the submit button below.