IdP Version 3 Upgrade - Overview

We are working on an upgrade for our Shibboleth Identity Provider (IdP) software to version 3. The IdP is the service that asks the user to login with their Unity ID and password and then verifies the login and returns the user to another website.

The Unity IdP upgrade is planned for the morning of Wednesday May 11, 2016.

The Parent IdP upgrade will be scheduled for a date prior to the Unity upgrade. We will be working with the MyPack Portal team to arrange a convenient date and time.

There will be a number of changes to the IdP service as part of this upgrade. These will be addressed in the sections below.

Changes for Users

The pages used by the new IdP software have been redesigned to conform with the University Brand. The information found in the sidebar has been updated to provide more current, useful advice.
Accounts with expired passwords will no longer be permitted to login to the IdP. Users must change their expired passwords to proceed to all services.
The Parent login service has been moved to a separate server URL. The pages now more clearly state that parents are expected to login usign an email address and password.
The UApprove attribute release has been replaced with standard attribute release handler. Any acceptance made previously in UApprove will not be carried into the new system.

Changes for Service Providers

Unity IdP logins should continue to work with no adjustments. The entityID and service URLs have not been changed.
Parent IdP has moved to a new URL. We have created a new entityID for the service to further clarify that settings must be changed for Parent logins.
Old logout URLs should still work as expected for sites that use them. Shibboleth now provides a standard logout handler that may later be used to implement Single Logout (SLO). Service providers should strongly consider changing to use the new logout url path. e.g. https://shib.ncsu.edu/idp/profile/Logout

Testing IdPv3

Anyone with a current Unity account may try our Unity Login test service.
Parents or other affilaites with a Parent account may try our Parent Login test service.
Service providers who run their own shibd process can follow our instructions for Using IdP Test2 Servers with your SP.
- Hosted providers on OIT webservers will not be able to make these setup changes. We recommend trying Live Testing below.
Advanced users who are comfortable with making hosts file changes to their client can try our Live Testing instructions. This will temporarily replace the shib.ncsu.edu IdP with our v3 preview for your client, for any SP you would like to test.