Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 

...

Metadata Processing Instructions/Checklist

This checklist describes what happens if an SP operator submits metadata during the eduGAIN Easy SP Registration workflow using the UK Access Management Federation as federation of last resort.

...

The process starts for the GÉANT Enabling Users eduGAIN Support team with a registration request that is submitted by an SP administrator on the web page [INSERT WEB PAGE ONCE KNOWN] How to Join eduGAIN as Service Provider. The content of the metadata registration form then is submitted to [INSERT EMAIL ONCE KNOWN]the mailing list simplified-registration@lists.geant.org and from there to support@edugain.org. From this point on the goal of the Enabling Users team is toeduGAIN Support team should:

  1. Check the submitted metadata and contact details using the check list below
  2. Enquire SP admin about missing/unclear aspects of registration request if needed
  3. Forward the validated metadata to the UK Access Mangement Helpdesk (service@ukfederation.org.uk) via email with the template Email in Appendix A1 to include it in their federation metadata and eduGAIN. It is assumed that at this point the SP administrator already completed applied already for membership in the UK Access Management Federation as described in Step 2 of the Step-by-Step guide]. It also is assumed that the Service Provider is correctly configured and fully functional.

...

  • Use an XML validation tool to ensure that metadata is well-formed and valid according to the used SAML2 schemas. The metadata should be checked using all SAML2-related namespaces/schemas listed in Appendix A3. One could use the SAML tools provided here (https://code.geant.net/stash/users/switch.haemmerle/repos/saml-tools/browse/xml-validation) or use for example XMLSPear, an OpenSource Java-based XML manipulation tool.
  • Open the service’s URL (e.g. using the URL used in one of the AssertionConsumerURLs) to open the service’s web page and check if the service is running and providing more or less what the service’s name and description imply
  • See if the service has the REFEDS Research & Scholarship (R&S) entity category set.
    • If the category is set, leave it up to the UKAMF helpdesk to validate if the requirements are met
    • If the category is not set, judge yourself using the criteria (section 4) of https://refeds.org/category/research-and-scholarship if the R&S entity category would be applicable for this SP. If so, change metadata to include this.
  • Ensure that if possible everything is present in metadata that SHOULD be there (with the exception of the mdrpi:RegistrationInfo element) according to the eduGAIN Metadata Profile http://services.geant.net/edugain/Resources/Pages/Home.aspx If something is missing try to enrich it using public information from the service’s web page (e.g. service name and information from the “About” page of the service). Use https://wiki.edugain.org/Rich_sp_metadata_Use Rich SP metadata example as guideline what metadata could/should include.
  • Ensure that there is at least one <RequesteAttribute> element in metadata. If this is not the case, ask Contact person what attributes they need for service and add them if reasonable.

...