Entity registration

Once an organisationís application for membership has been approved, a Management Contact may register any number of SP (Service Provider) entities. If the organisation has joined as an IDENTITY PROVIDER member, then the Management Contact can register production IdP (Identity Provider) entities as well.

Procedure for registering these types of software:

We also provide information for organisations that want to outsource some or all provision on our Outsourced Provider page.

The UK federation implements a policy of exporting all entities to eduGAIN (with some exceptions). More details concerning this can be found here:

https://www.ukfederation.org.uk/content/Documents/EduGAINParticipation

Shibboleth SP

The currently-supported version of the Shibboleth SP interoperates with all previous releases of Shibboleth and other software that supports the same standards.

Upgrading from a Shibboleth v2 SP to v3

The currently-supported version of the Shibboleth SP is in the v3.x series. The Shibboleth wiki states that the upgrade process is designed to be seamless and is functionally the same as upgrading v2 in the past. However, please note that there is a particular combination of factors that may affect a small number of deployments in the UK federation. See also the Shibboleth wiki page "Upgrading from v2".

OpenAthens SP

The original OpenAthens SP software is now end-of-life. To install and register an OpenAthens Keystone SP:

  • You purchase and configure the OpenAthens Keystone SP software.
  • Register an OpenAthens SP
  • Test and if necessary modify your configuration according to OpenAthens documentation.

Other SP

Install and register any other type of SP software

Shibboleth IdP

As at 5 November 2021, the current version of the Shibboleth IdP is v4.1.4, but documentation for a fresh v4 installation is still in progress.

We recommend that you keep your software up-to-date within the v3.x series, by noting the supported versions of the v3 IdP and the process for updating a v3 IdP. We also recommend that you subscribe to the announce mailing list.

"Upgrading" from a Shibboleth v2 IdP to v3

We have put together some documentation about Integration of a new install of a Shibboleth v3 IdP into the UK federation to replace a Shibboleth v2 IdP.

Upgrading from a Shibboleth v3 IdP to v4

Please note that some deprecated features of the v3 IdP will be removed in v4 and this should be dealt with before upgrading your v3 IdP to v4.

Please contact the UK federation helpdesk for further advice.

OpenAthens IdP

To install and register an OpenAthens IdP:

  • You purchase and configure the OpenAthens MD software.
  • Register an OpenAthens MD IdP
  • Test and if necessary modify your configuration according to OpenAthens documentation.

Moving from other IdPs to an OpenAthens MD IdP

In both cases, some WAYFless URLs will need updating. More details may be found at our page on changing from one IdP platform to another.

Other IdP

Install and register any other type of IdP software

Microsoft Azure / AD FS

In the past, some organisations have enquired about using Microsoft AD FS (Active Directory Federation Services) software as an IdP within the UK federation and our findings are here.

However, it is possible to use a technique called SAML Proxying to let your Shibboleth IdP proxy to another IdP (including Azure AD) to give your users a true single sign-on experience.