UK Federation Information Centre | Documents / RegisterSP browse

Registering a Service Provider

Before applying to register a service provider entity with the UK federation, you need to:

Install the Shibboleth service provider software as described in its deployment guide (see https://spaces.internet2.edu/display/SHIB/InstallingShibboleth for deployment of the Internet2 software).
Obtain an X.509 certificate, as described at GetCertificate. The same certificate may be used for both an Identity Provider and a Service Provider.

Once the software has been installed and a certificate obtained, the Management Liaison should email the registration request to the UK federation Helpdesk and include the information listed below. This information will be verified and placed in an <EntityDescriptor> entry in the federation metadata.

Administrative contact: A name and email address for the administrative contact. The administrative contact is responsible for providing and maintaining the registration data described here, and for ensuring policy is observed. This may be the same person as the Management Liaison, who serves as the primary registrar and administrator of the organisation's UK federation participation. Alternatively, the Management Liaison may devolve the administrative contact function to another member of the organisation responsible for this specific service provider.
Technical contact: A name and email address for the technical contact. The technical contact serves as the primary point of contact for technical issues related to this service provider. The technical contact communicates with the technical staff of the federation operator to ensure the smooth operation of the federation infrastructure. This may be the same person as the administrative contact. This contact information will be published in the federation metadata, which is in the public domain.
Support contact: A name and email address for the support contact. The support contact is the primary contact for error handling. This may identify a helpdesk or a designated support person. This may be the same person as the technical contact. This contact information will be published in the federation metadata, which is in the public domain.
Service display name: A short name (a few words at most) to identify your site.
Organization URL: The URL of a web page providing a description of the organisation providing the service.
Service description URL: The URL of a web page providing a description of the service itself. If omitted, this defaults to the Organization URL.
Software: (optional) The type and release number of the software you have chosen to deploy for your SP; e.g. reference Shibboleth SP vsn 1.3f. This information is optional, but providing it enables us to gauge appropriate support levels for software in use within the federation.
Entity ID: This is a URI identifying your service provider. It must be different from the entity ID of any existing identity provider or service provider you may already have in the UK federation. If your service provider is already a member of any other federation then please give its existing entity ID, even if it appears to be federation-specific. If your service provider is not already a member of another federation, please consult EntityIDPolicy for details of the process of constructing a new entity ID.
^†Browser/POST assertion consumer service location: One or more assertion consumer service URLs for use with the Browser/POST profile, e.g., https://shibbox.example.ac.uk/Shibboleth.sso/SAML/POST. Using default port numbers will sidestep firewall problems but is not mandatory.
^†Browser/Artifact assertion consumer service location: Optionally, one or more assertion consumer service URLs for use with the Browser/Artifact profile, e.g., https://shibbox.example.ac.uk/Shibboleth.sso/SAML/Artifact. Using default port numbers will sidestep firewall problems but is not mandatory. Note: Although this item is optional, you are encouraged to provide it if you are deploying version 1.3 or later of the Shibboleth reference software.
Attribute requester certificate name: The common name component of the subject field in the attribute requester certificate. This will usually be the fully qualified domain name of the attribute requester server, e.g., shibbox.example.ac.uk. Note: It helps us ensure that this information is correctly specified in your entity's metadata if you send us a copy of your certificate as an attachment to your email.

^†These locations must be given as 'https:' type URLs.

We will let you know by email once the UK federation metadata has been updated to include the information you supplied. You will then need to download the new metadata and modify your Shibboleth configuration to match it, as described at SetupSP.