Architecture
Source: acrhitecture.odg
SP admin flows
Register a new SP
1a) copy/paste metadata into text box
test: is it really XML?
→ if not: error
or
1b) point to metadata URL
test: check if URL exists
→ if not: error
2) test: check if metadata has
- entityID
- technical contact email
- ACS location
- Signing cert?
- Encryption Cert?
→ if not: error
3) resolve captcha
4) press register button
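The checks of steps 1a and 2 ("is it really XML?" and the required-field test), as an added example that is not part of this design note, written in Python with the standard library's ElementTree; the sample metadata, its entityID, URLs and the certificate placeholder are constructed for the example. A KeyDescriptor without a `use` attribute is counted for both signing and encryption, as SAML metadata allows.

```python
import xml.etree.ElementTree as ET

# XML namespaces used in SAML 2.0 metadata
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_sp_metadata(xml_text):
    """Return problems found in pasted SP metadata (steps 1a and 2); [] means OK."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("missing entityID")
    if root.find("md:ContactPerson[@contactType='technical']/md:EmailAddress", NS) is None:
        problems.append("missing technical contact email")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["missing SPSSODescriptor"]
    acs = sp.find("md:AssertionConsumerService", NS)
    if acs is None or not acs.get("Location"):
        problems.append("missing ACS location")
    # A KeyDescriptor with no 'use' attribute may be used for both signing and encryption
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and (cert.text or "").strip():
            uses.update({kd.get("use")} if kd.get("use") else {"signing", "encryption"})
    for use in ("signing", "encryption"):
        if use not in uses:
            problems.append(f"missing {use} certificate")
    return problems

# Constructed sample: minimal SP metadata with every required field present
SAMPLE_OK = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIC...placeholder-not-a-real-cert</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="technical"><md:EmailAddress>admin@example.org</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""
```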
Start registration
1) generate SHA256 token from IP + timestamp + entityID
test: do not allow an existing entityID to be claimed with a new email address
if it is → throw an error
2) send email with token to tech contact
e.g. return URL: https://testidp.incibator.geant.org/register.php?token=dsjklzJK98edjlkqwJIDSA
3) write to DB table "registration":
- generated token (key)
- email address
- entityID
- timestamp
- IP address
- metadata as an XML blob
- registration status ("email sent", "registration complete")
First time user login
1) User returns to https://testidp.incibator.geant.org/register.php?token=dsjklzJK98edjlkqwJIDSA
test: check if this token is registered in the DB for this email; if not → error
2) The user is now "logged in" for time X
3) Move the XML metadata over to the "martin" table (registration data gets removed)
4) Optionally: additional field to be filled in? → Check with Martin
5) Your IdP is ready at: https://...
Show pointer to metadata
Show metadata to be copied
Show URL?
Show text explaining how to use frontend login screen
Below TBD
Returning to admin interface to modify SP
- 'login' via email token
- lookup your own SP?
- confirmation?