Registering a Shibboleth 1.3 Service Provider
Please note that as Shibboleth 1.3 reaches its end-of-life in Summer 2010, we recommend that you install version 2 instead.
Before applying to register a service provider entity with the UK federation, you need to:
- Install the Shibboleth service provider software as described in its deployment guide (see https://spaces.internet2.edu/display/SHIB/InstallingShibboleth for deployment of the Internet2 software).
- Obtain an X.509 certificate, as described at GetCertificate. The same certificate may be used for both an Identity Provider and a Service Provider.
Once the software has been installed and a certificate obtained, the Management Liaison should email the registration request to the UK federation Helpdesk and include the information listed below. This information will be verified and placed in an <EntityDescriptor> entry in the federation metadata.
- Administrative contact: A name and email address for the Administrative contact.
- Technical contact: A name and email address for the Technical contact.
- Support contact: A name and email address for the Support contact.
- Service display name: A short name (a few words at most) to identify your site.
- Organization URL: The URL of a web page providing a description of the organisation providing the service.
- Service description URL: The URL of a web page providing a description of the service itself. If omitted, this defaults to the Organization URL.
- Software: (optional) The type and release number of the software you have chosen to deploy for your SP; e.g. reference Shibboleth SP vsn 1.3f. This information is optional, but providing it enables us to gauge appropriate support levels for software in use within the federation.
- Entity ID: This is a URI identifying your service provider. It must be different from the entity ID of any existing identity provider or service provider you may already have in the UK federation. If your service provider is already a member of any other federation then please give its existing entity ID, even if it appears to be federation-specific. If your service provider is not already registered in another federation, please consult EntityIDPolicy for details of the process of constructing a new entity ID. Where the entity registrant does not own the domain name contained within the proposed Entity ID value, outsourcing conditions apply.
- †Browser/POST assertion consumer service location: One or more assertion consumer service URLs for use with the Browser/POST profile, e.g., https://shibbox.example.ac.uk/Shibboleth.sso/SAML/POST. Using default port numbers will sidestep firewall problems but is not mandatory.
- †Browser/Artifact assertion consumer service location: Optionally, one or more assertion consumer service URLs for use with the Browser/Artifact profile, e.g., https://shibbox.example.ac.uk/Shibboleth.sso/SAML/Artifact. Using default port numbers will sidestep firewall problems but is not mandatory. Note: Although this item is optional, you are encouraged to provide it if you are deploying version 1.3 or later of the Shibboleth reference software.
- Attribute requester certificate name: The common name component of the subject field in the attribute requester certificate. This will usually be the fully qualified domain name of the attribute requester server, e.g., shibbox.example.ac.uk. Note: It helps us ensure that this information is correctly specified in your entity's metadata if you send us a copy of your certificate as an attachment to your email.
†These locations must be given as 'https:' type URLs.
We will let you know by email once the UK federation metadata has been updated to include the information you supplied. You will then need to download the new metadata and modify your Shibboleth configuration to match it, as described at Setup1.3SP.