Technical Support

Support for End Users

End users should contact their local user support team.

UKAMF policy on technical support

The UK federation technical support team provides support for deployment of SAML-capable software within the UK federation. We cannot provide in-depth support for web applications which rely on that SAML software.

The UK federation also provides in-depth technical support for Shibboleth software within the UK federation, which includes support for installation, configuration and troubleshooting.

We recommend that you always use a supported release of your chosen software. We reserve the right not to support software designated end of life (EOL) by its authors and in such cases will only provide assistance in upgrading to a supported version. For example, EOL dates for Shibboleth software are available from https://wiki.shibboleth.net/confluence/display/SHIB2/SecurityAdvisories

Installing and configuring IdPs and SPs

Read the registering entities information for details of installing and configuring Identity Provider and Service Provider software.

Deployment support

Troubleshooting

Study the error message. Look in your log files. Increase the logging level to DEBUG if appropriate.

Then look at whether the problem is general or specific. Is it an interoperability problem with one other entity, or is it with several?

If it's with one entity only:

If you operate an IdP that has an interoperability problem with a particular SP, contact the SP operator in the first instance.

If you operate an SP that has an interoperability problem with a particular IdP, contact the IdP operator in the first instance.

The support contacts for each entity can be found in the UK federation metadata, available at

http://metadata.ukfederation.org.uk/ukfederation-metadata.xml

It will be useful to have had a look at your logs for signs of errors before contacting them.

If it's with several entities:

In this case it's more likely that the problem is local.

At this point, it's a good idea to turn up your logging, and to check for any recent changes that may affect your entity: is metadata still being downloaded? Has a certificate expired or been replaced? Has there been a modification to your firewall?

IdP operators can also use the UK federation test SP to test authentication and attribute release. Test against all relevant session initiators, check the values of attributes released using the "Session dumper" link, and view the SAML Assertion and CGI header variables.

SP operators can also use the UK federation test IdP to test authentication and attribute retrieval. A number of test accounts are provided that release various attribute sets.
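The two metadata checks mentioned above (finding an entity's support contacts, and confirming your local copy of the metadata is still being refreshed) can be scripted. The following is an added example, not UK federation code; it assumes the aggregate has already been downloaded and its signature verified, and the entity IDs, addresses and validUntil value in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample aggregate; entity IDs and addresses are placeholders.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.ac.uk/idp/shibboleth">
    <md:ContactPerson contactType="technical">
      <md:EmailAddress>mailto:sysadmin@example.ac.uk</md:EmailAddress>
    </md:ContactPerson>
    <md:ContactPerson contactType="support">
      <md:GivenName>IT Helpdesk</md:GivenName>
      <md:EmailAddress>mailto:helpdesk@example.ac.uk</md:EmailAddress>
    </md:ContactPerson>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:ContactPerson contactType="support">
      <md:EmailAddress>support@example.org</md:EmailAddress>
    </md:ContactPerson>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def support_contacts(metadata_xml, entity_id, contact_type="support"):
    """Return [(name, [emails])] for one entity's contacts of the given type."""
    root = ET.fromstring(metadata_xml)
    found = []
    # iter() also matches the root, so a single-entity document works too.
    for entity in root.iter("{%s}EntityDescriptor" % MD):
        if entity.get("entityID") != entity_id:
            continue
        for person in entity.findall("md:ContactPerson", NS):
            if person.get("contactType") != contact_type:
                continue
            name = (person.findtext("md:GivenName", "", NS) or "").strip()
            emails = [e.text.strip().replace("mailto:", "", 1)
                      for e in person.findall("md:EmailAddress", NS) if e.text]
            found.append((name, emails))
    return found

def metadata_expired(metadata_xml, now=None):
    """True if the local copy is past its validUntil (refresh has stalled)."""
    valid_until = ET.fromstring(metadata_xml).get("validUntil")
    if valid_until is None:
        return False
    stamp = valid_until.rstrip("Z").split(".")[0]  # drop fractional seconds
    expiry = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return (now or datetime.now(timezone.utc)) >= expiry
```

An expired local copy points to a local refresh problem rather than a fault at the other entity.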

UK federation helpdesk

The Shibboleth Project

The Shibboleth project wiki includes a comprehensive section on troubleshooting. In that section are lists of IdP troubleshooting common errors and SP troubleshooting common errors. Please check these pages to see if your error is listed, and for advice on how to troubleshoot those errors.

The Shibboleth project also runs a number of mailing lists, where project developers provide high quality advice. The Shibboleth mailing lists are described here.

Community mailing lists hosted by Jiscmail

Jisc Shibboleth mailing list - general discussion regarding Shibboleth-based authentication and authorisation systems within the UK's higher and further education and research communities.

Jisc Shibboleth libraries - for HE and FE library staff involved in implementing federated access management. List appears unused.

Lis-openathensla - a discussion area for users of OpenAthens LA from Eduserv. This is a community list, and is not run by Eduserv.

lis-e-resources - discussion list for library staff. Wider scope than access management, although this does get brought up.

Third Party Support

Here is a list of federation member organisations which offer third party support in the deployment of federated access management.