Stay safe. Stay home. www.sacoronavirus.co.za.

idp-requirements Archive

Generating eduPerson{Scoped}Affiliation from your internal directory

This page is intended to give you some ideas about how to generate eduPersonAffiliation and eduPersonScopedAffiliationi attribute that are useful to SAFIRE by reusing existing information you may already have in your internal directory services. What’s shown below are SimpleSAMLphp config snippets, but the ideas translate to pretty much all identity provider software. If you’re not using SimpleSAMLphp, hopefully the comments help you understand what is going on. All the authproc filters shown here are documented in SimpleSAMLphp’s docs.

Requirements for SAML2 Identity Providers v20210303

Changes to the Requirements for SAML2 Identity Providers that are purely technical must reach rough consensus/no opposition at the SAFIRE Participants' Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on 31 March 2021. The following describes the technical and administrative checks made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for identity provider operators for assessing their readiness to participate.

Requirements for SAML2 Identity Providers v20200826

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants' Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on 1 January 2019, and was subsequently amended to incorporate updates from the MRPS. The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Requirements for SAML2 Identity Providers v20190207

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants' Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on 1 January 2019. The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Generating eduPersonPrincipalName from your internal directory

This page is intended to give you some ideas about how to generate an eduPersonPrincipal attribute that is useful to SAFIRE by reusing existing unique user identifiers from your internal directory services. What’s shown below are SimpleSAMLphp config snippets, but the ideas translate to pretty much all identity provider software. If you’re not using SimpleSAMLphp, hopefully the comments help you understand what is going on. All the authproc filters shown here are documented in SimpleSAMLphp’s docs.

Requirements for SAML2 Identity Providers v20180918 (Draft)

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants' Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on …. The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Requirements for SAML2 Identity Providers v20180319 (Draft)

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants' Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on …. The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Generating eduPersonEntitlement

The eduPersonEntitlement attribute is used to indicate a user’s entitlement to access a specific service or resource. For example, its most widely used value, urn:mace:dir:entitlement:common-lib-terms, is used to indicate eligibility to access licensed content from information publishers. Relationship to eduPersonScopedAffiliation Library information providers often support both eduPersonEntitlement and eduPersonScopedAffiliation as a means of limiting access to licensed resources. It is likely that there is significant overlap between values used for eduPersonAffiliation (and thus eduPersonScopedAffiliation).

South African Identity Federation