
Register Service Provider with NCSU Federation

Purpose of registration

Every entity in the Shibboleth system, both Identity Providers (IdPs) and Service Providers (SPs), has a set of metadata that describes that entity. Each entity has an entityID that identifies it by a persistent name, a set of cryptographic keys that are used to sign/encrypt messages, and a set of allowed connection points where the entity is allowed to be used. The federation collects all of that metadata in one place and establishes a trusted source for exchanging metadata information. When your SP downloads the federation metadata file, it checks for the federation signature, and then trusts that each of the entities in that file is described as the federation says that it is.

In order to participate in this trust model, we have to register your SP into the NCSU Federation. We also have to establish our level of trust between our Identity Provider and your Service Provider with regard to which attributes we are willing to share with you.

On a side note: if your service provider is already established in another federation that includes our IdP, we can skip the registration with the NCSU Federation. We will still need to establish the trust to release our attributes.
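The three pieces of metadata described above (entityID, keys, connection points) can be read directly from an SP's metadata XML and reviewed before it is submitted. The following is an added example, not part of the NC State documentation or the Shibboleth software; the sample metadata, the host sp.example.edu, the placeholder certificate text and the function name summarize_sp_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata; entityID, host and certificate text are placeholders.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://sp.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.edu/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.edu/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def summarize_sp_metadata(xml_text):
    """Return the entityID, key uses and endpoints declared in SP metadata, plus warnings."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    # A KeyDescriptor without a 'use' attribute applies to both signing and encryption.
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")
        uses.update([use] if use else ["signing", "encryption"])
    endpoints = [acs.get("Location") for acs in sp.findall("md:AssertionConsumerService", NS)]
    warnings = []
    if not root.get("entityID"):
        warnings.append("missing entityID")
    for u in ("signing", "encryption"):
        if u not in uses:
            warnings.append(f"no {u} key declared")
    # Assertions carry user attributes, so every connection point should be HTTPS.
    warnings += [f"endpoint not HTTPS: {loc}" for loc in endpoints
                 if not (loc or "").startswith("https://")]
    return {"entityID": root.get("entityID"), "key_uses": sorted(uses),
            "endpoints": endpoints, "warnings": warnings}

if __name__ == "__main__":
    for key, value in summarize_sp_metadata(SAMPLE_SP_METADATA).items():
        print(key, "=", value)
```

The warnings are review prompts for the SP operator, not federation acceptance rules.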

Before registration

You may need to be prepared to explain why you need these attributes, and how you plan to protect your server from releasing this data in the event of an intrusion. In our approval process, we may need to ask for more information. We may also need to seek approval to release some of these attributes to you. It is a good idea to ask for no more attributes than those you absolutely need.

WRAP Migration Note: If you are setting up Shibboleth to replace WRAP, and you are using an on-campus server, let us know on the form. We are working on a special Attribute Release Policy for former WRAP sites that will only share the eduPersonPrincipalName (=unityID@ncsu.edu) and the uid (=unityID) attributes with minimal justification required.

Registration process

Next step

Once your registration has been accepted, and you have waited for the updates to reach the servers, the next step is Testing the SP.