Register Service Provider with NCSU Federation
Purpose of registration
Every entity in the Shibboleth system, whether an Identity Provider (IdP) or a Service Provider (SP), has a set of metadata that describes it. Each entity has an entityID that identifies it by a persistent name, a set of cryptographic keys that are used to sign and encrypt messages, and a set of allowed connection points where the entity is allowed to be used. The federation collects all of that metadata in one place and establishes a trusted source for exchanging metadata information. When your SP downloads the federation metadata file, it checks for the federation signature, and then trusts that each of the entities in that file is as the federation describes it.
In order to participate in this trust model, we have to register your SP into the NCSU Federation. We also have to establish our level of trust between our Identity Provider and your Service Provider with regard to which attributes we are willing to share with you.
On a side note: if your service provider is already established in another federation that includes our IdP, we can skip the registration with the NCSU Federation. We will still need to establish the trust to release our attributes.
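The following added example, which is not part of the original page or of the Shibboleth software, reads one SP's metadata and reports the three things described above: the entityID, the keys and the connection points. The sample metadata, the host sp.example.edu and the HTTPS-only check on endpoints are assumptions made here.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the entityID, host and certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.edu/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.edu/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_sp_metadata(xml_text):
    """Return the entityID, key uses, ACS endpoints and any problems found."""
    root = ET.fromstring(xml_text)  # run on your own SP's metadata only
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("expected an EntityDescriptor with an SPSSODescriptor")
    problems = []
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("missing entityID")
    key_uses = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            problems.append("KeyDescriptor without a certificate")
        else:
            # No 'use' attribute means the key serves signing and encryption.
            key_uses.append(kd.get("use", "signing+encryption"))
    if not key_uses:
        problems.append("no usable KeyDescriptor")
    endpoints = [a.get("Location", "")
                 for a in sp.findall("md:AssertionConsumerService", NS)]
    if not endpoints:
        problems.append("no AssertionConsumerService endpoint")
    problems += ["non-HTTPS endpoint: " + e for e in endpoints
                 if not e.startswith("https://")]
    return {"entityID": entity_id, "key_uses": key_uses,
            "endpoints": endpoints, "problems": problems}
```

Run it against the XML your own Metadata handler returns before filling in the form, so the entityID and endpoints you submit match what the SP actually publishes.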
Before registration
If you do not have a Unity account at NC State, you will need to find an on-campus person to sponsor your registration.
Make sure you have installed and configured the SP on the first server.
Have the selected entityID ready for the form.
Have your working Metadata handler URL ready for the form, or be prepared to provide a URL where we can download a static Metadata file for your SP.
Decide which attributes you need to receive from our Identity Provider. Review our list of available attributes.
You may need to be prepared to explain why you need these attributes, and how you plan to protect your server from releasing this data in the event of an intrusion. In our approval process, we may need to ask for more information. We may also need to seek approval to release some of these attributes to you. It is a good idea to ask for no more attributes than those you absolutely need.
WRAP Migration Note: If you are setting up Shibboleth to replace WRAP, and you are using an on-campus server, let us know on the form. We are working on a special Attribute Release Policy for former WRAP sites that will only share the eduPersonPrincipalName (=unityID@ncsu.edu) and the uid (=unityID) attributes with minimal justification required.
Registration process
You, or your on-campus sponsor, must complete the online form located at: go.ncsu.edu/shib-access-request.
When you submit the form, it creates a Remedy call that we will use to track your request.
We will seek approval for your request, if needed. We may contact you or your sponsor for more information during this step.
Once approved, the request will be passed to the technical lead for implementation. Your metadata will be added to the NCSU Federation registry and published. Your requested attributes will be configured on our IdP if needed.
You will receive an email when this process is completed. We usually ask you to wait up to four hours for the publication and reconfiguration to reach our servers via the automated channels.
Next step
Once your registration has been accepted, and you have waited for the updates to reach the servers, the next step is Testing the SP.