Technical Support

Support for End Users of the UK federation

End users should contact their local IT user support team.

UKAMF policy on technical support

The UK federation technical support team provides support for deployment of SAML-capable software within the UK federation. We cannot provide in-depth support for web applications which rely on that SAML software.

The UK federation also provides in-depth technical support for Shibboleth software within the UK federation, which includes support for installation, configuration and troubleshooting.

We recommend that you always use a supported release of your chosen software. We reserve the right not to support software designated end of life (EOL) by its authors and in such cases will only provide assistance in upgrading to a supported version. Specifically, the UK federation will be ending its support for Shibboleth V2 IdP deployments on December 31st 2019. Please note that this version was declared EOL by the Shibboleth Project in 2016.

All the EOL dates for Shibboleth software are listed online: for Shibboleth IdP v4.x software, for Shibboleth SP v3.x software, for Shibboleth IdP v3.x software and Shibboleth IdP v2 and SP v2 software.

OpenAthens SP 2.x software will go EOL in May 2020. Note that, from 1 July 2019, the OpenAthens helpdesk will not be supporting the software. Their standard response will be that the only option is to implement OpenAthens Keystone.

Installing and configuring Shibboleth IdPs and SPs

Information on installing and configuring a Shibboleth 4 IdP is here.

Information on installing and configuring a Shibboleth 3 SP is here.

Integration of a new install of a Shibboleth v3 IdP into the UK federation to replace a Shibboleth v2 IdP

Information on installing and configuring a Shibboleth 2 SP is here. NB: This is for reference only as the Shibboleth 2 SP is End-Of-Life.

Information on installing and configuring a Shibboleth 2 IdP is here. NB: This is for reference only as the Shibboleth 2 IdP is End-Of-Life.

Registering entities

See the Registration page for more information.

Deployment support

Troubleshooting

Study the error message. Look in your log files. Increase the logging level to DEBUG if appropriate.

Then look at whether the problem is general or specific. Is it an interoperability problem with one other entity, or is it with several?

If it's with one entity only:

For the operator of an IdP with an interoperability problem with a particular SP, contact the SP operator in the first instance.

For the operator of an SP with an interoperability problem with a particular IdP, contact the IdP operator in the first instance.

The support contacts for each entity can be found in the UK federation metadata, available at

http://metadata.ukfederation.org.uk/ukfederation-metadata.xml

It will be useful to have had a look at your logs for signs of errors before contacting them.

If it's with several / all entities:

In this case it's more likely that the problem is local to your deployment.

At this point, it's a good idea to turn up your logging, and to check for any recent changes that may affect your entity:

IdP operators can also use the UK federation test SP to test authentication and attribute release. Test against all relevant session initiators, check the values of attributes released using the "Session dumper" link, and view the SAML Assertion and CGI header variables.

SP operators can also use the UK federation test IdP to test authentication and attribute retrieval. A number of test accounts are provided that release various attribute sets.

UK federation helpdesk

If you have followed the troubleshooting advice given on this page and have not been able to determine the cause of the problem, you can get help from the UK federation technical support team. The support team at Jisc has many years experience across a wide range of federated access technologies and can usually provide high quality support in a timely manner.

However, we are also a small team with many responsibilities outwith technical support (which include entity registration and operation of federation infrastructure), so occasionally we are not able to process your technical support calls immediately. Additionally, some members of the team work part-time on the helpdesk so the specialist expertise you require may not be available at all times. Please understand the context we work in. As a rough guide, we prioritise technical support in this order:

  • security incidents affecting the UK federation
  • incidents affecting most UK federation entities or UK federation infrastructure
  • incidents affecting several production servers registered in the UK federation
  • incidents affecting a single production server registered in the UK federation
  • advice on entity registration, configuration and deployment in the UK federation
  • general advice on federated access, including support of entities not registered in the UK federation.

The Shibboleth Project

The Shibboleth project wiki includes some commonly-occuring errors for Shibboleth software. Please check the following pages to see if your error is listed, and also advice for how to troubleshoot those errors.

Troubleshooting the IdP v3

Troubleshooting Shibboleth v2 products. That page has links to IdP troubleshooting common errors and SP troubleshooting common errors.

The Shibboleth project also runs a number of mailing lists, where project developers provide high quality advice. The Shibboleth mailing lists are described here.

Community mailing lists hosted by Jiscmail

Jisc Shibboleth mailing list - general discussion regarding Shibboleth-based authentication and authorisation systems within the UK's higher and further education and research communities.

Jisc Shibboleth libraries - for HE and FE library staff involved in implementing federated access management. There have been no posts on this list since 2015, and while the archive is still available, most of the content will be somewhat out of date by now.

lis-e-resources - discussion list for library staff. Wider scope than access management, although this does get brought up.

Third Party Support

Here is a list of federation member organisations which offer third party support in the deployment of federated access management.

Jisc Consultancy Service

Jisc itself offers a Trust and Identity consultancy service,supporting federated services such as Shibboleth and including activities such as installation, updates & migrations, linking to other services, troubleshooting, and sustainability advice and planning. More information can be found at https://www.jisc.ac.uk/consultancy/trust-and-identity