UK Federation Operational Information
Federation Metadata
Download the signed metadata files for the UK Federation here:
- For Shibboleth V1.3 and V2.x:
You can download the certificate used to sign this file as ukfederation.pem for use with the siterefresh utility (described in SetupSP), or as ukfederation.jks for use with the metadatatool utility (described in SetupIdP).
However, as this certificate secures the entire UK Federation, you should not rely on it until you have confirmed the certificate's fingerprint with a member of the UK Federation Operations team. (SetupSP describes use of openssl to check the certificate fingerprint using ukfederation.pem. SetupIdP describes use of keytool to check the certificate fingerprint using ukfederation.jks.)
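An added example (not part of the original page or of the federation's own tooling) of the comparison step described above, going beyond the openssl and keytool checks the page refers to: it hashes the single certificate in a PEM file and accepts it only if the complete fingerprint equals the value confirmed with the Operations team. The digest algorithm, the function names and the sample bytes are assumptions; use whichever digest the team quotes.

```python
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_fingerprint(pem_text, algo="sha256"):
    """Hex digest of the DER bytes of the single certificate in pem_text."""
    bodies = PEM_CERT.findall(pem_text)
    if len(bodies) != 1:
        # A trust-anchor file must hold exactly one certificate, otherwise the
        # one that was checked may not be the one the software ends up using.
        raise ValueError("expected 1 certificate, found %d" % len(bodies))
    der = base64.b64decode("".join(bodies[0].split()), validate=True)
    return hashlib.new(algo, der).hexdigest()


def normalise(fingerprint):
    """Turn 'SHA1 Fingerprint=AB:CD:..' or 'ab cd ..' into bare lowercase hex."""
    value = fingerprint.split("=", 1)[-1]
    return re.sub(r"[\s:]", "", value).lower()


def fingerprint_matches(pem_text, confirmed, algo="sha256"):
    """True only if the file's fingerprint equals the confirmed value in full."""
    expected = normalise(confirmed)
    hex_len = hashlib.new(algo).digest_size * 2
    if not re.fullmatch(r"[0-9a-f]{%d}" % hex_len, expected):
        return False  # truncated, wrong digest type or not hex: fail closed
    return hmac.compare_digest(cert_fingerprint(pem_text, algo), expected)


# Constructed stand-in bytes, not a real certificate: the fingerprint is simply
# a hash over the decoded bytes, so any payload shows the mechanics.
SAMPLE_DER = b"constructed placeholder for DER-encoded certificate bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    good = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
    spoken = ":".join(good[i:i + 2] for i in range(0, len(good), 2))
    wrong = spoken[:-1] + ("1" if spoken[-1] == "0" else "0")
    print(fingerprint_matches(SAMPLE_PEM, "SHA1 Fingerprint=" + spoken, "sha1"))
    print(fingerprint_matches(SAMPLE_PEM, wrong, "sha1"))
```

A shortened fingerprint or one quoted for a different digest is rejected rather than compared on a prefix.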
Testing new IdP deployments
You can test your configuration by going to these UK federation test pages:
These both use the full unfiltered federation WAYF, so that IdPs with visibility set to "No" still appear in the drop-down list.
In either case, if you select your own IdP site from the WAYF page and then successfully authenticate, you should see a list of CGI environment variables, thus testing attribute value generation and release in addition to simple authentication. The second of these test pages should produce two displayed assertions – one for the authentication, one for the attributes.
If you have trouble authenticating or releasing attributes then ensure your Shibboleth log levels are turned up to DEBUG (for details, see 'logging.xml' in Setup2IdP) before re-testing, and check the logs; the idp-process.log is generally the most informative. If nothing is being written to the Shibboleth logs then check the Tomcat logs; it is advisable to keep checking the Tomcat logs anyway during the earlier stages of the installation.
You should not attempt to gain access to any live service until you have verified, by the use of the test pages noted above, that your IdP is properly configured and handling attributes correctly.
Testing new SP deployments
The UK Federation does not operate a test IdP. If you do not have access to an IdP that can be used for testing your new SP, you can create test accounts at one of the open-access IdPs within the federation. Currently these are ProtectNetwork and TypeKey Bridge.
Attributes Used in the UK Federation
See Attribute usage for details.
History
The SDSS development federation was the forerunner of the UK federation.
