Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revisionBoth sides next revision | ||
en:checklist [2021/07/20 09:58] – incorporate content from en:metadata_admin_tool:checklist Silke Meyer | en:checklist [2021/07/20 11:58] – replaces en:metadata_admin_tool:checklist, correctly recognized translation page Silke Meyer | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)// | + | ====== |
- | + | ||
- | ====== | + | |
<callout color="# | <callout color="# | ||
Line 18: | Line 16: | ||
* The metadata administration tool can fetch your IdP' | * The metadata administration tool can fetch your IdP' | ||
- | * Fill in all fields | + | * Fill in all fields. If you see **red warnings** correct them before submitting the IdP/SP to production. |
* Use host name resp. URLs that can be resolved from outside your network. Systems with internal top level domains cannot be saved. | * Use host name resp. URLs that can be resolved from outside your network. Systems with internal top level domains cannot be saved. | ||
- | * Display name: the name of your institution, | + | |
- | * Description: | + | |
- | * Information URL: Website of the institution, | + | |
- | * **Privacy Statement URL**: Add the link to your privacy statement. **For Service Providers the field is mandatory.** If you only have a privacy statement in either English or German you can leave the second field blank. | + | * **Privacy Statement URL:** Add the link to your privacy statement. **For Service Providers the field is mandatory.** If you only have a privacy statement in either English or German you can leave the second field blank. |
- | * The **logos** are displayed during Discovery (IdP favicons) resp. on login screens. That is why they have **maximum sizes**. Scale your logos down to fit this size. Logos (big) can have a width of 64 to 240 px and a maximum height of 180 px. Favicons (logo small) have a size of 16 x 16 px. Service Providers do not need a small logo/ | + | * The **logos** are displayed during Discovery (IdP favicons) resp. on login screens. That is why they have **maximum sizes**. Scale your logos down to fit this size. Logos (big) can have a width of 64 to 240 px and a maximum height of 180 px. Favicons (logo small) have a size of 16 x 16 px. Service Providers do not need a small logo/ |
* Please submit at least four **contacts** per system: An administrative contact, a technical one, a support contact and a security contact. We recommend to use non-personalized email addresses, especially for the security contact which could be your Computer Emergency Response Team. If you do not have anything like that, put in the contact that responds in case of security incidents. Please make sure to keep those email addresses up to date! | * Please submit at least four **contacts** per system: An administrative contact, a technical one, a support contact and a security contact. We recommend to use non-personalized email addresses, especially for the security contact which could be your Computer Emergency Response Team. If you do not have anything like that, put in the contact that responds in case of security incidents. Please make sure to keep those email addresses up to date! | ||
- | * Have your X.509 certificate for SAML-based communication ready. We have an [[en: | + | * Have your X.509 **certificate** for SAML-based communication ready. We have an [[en: |
* IdPs use DFN-PKI certificates. As of July 2019, only the **second generation of DFN-PKI certificates** will be valid. | * IdPs use DFN-PKI certificates. As of July 2019, only the **second generation of DFN-PKI certificates** will be valid. | ||
* SPs can use DFN-PKI certificates (if entitled), certificates issued by established commercial CAs, or self-signed certificates. | * SPs can use DFN-PKI certificates (if entitled), certificates issued by established commercial CAs, or self-signed certificates. | ||
Line 35: | Line 33: | ||
</ | </ | ||
- | * For Service Providers: If you need your SP to execute Attribute Queries or Artifact Queries, your SP certificate should have the client attribute set. If you request your certificate from DFN-PKI, please use the template called " | + | * For Service Providers: If you need your SP to execute |
< | < | ||
openssl x509 -in example.org.crt.pem -noout -text | grep -A 1 " | openssl x509 -in example.org.crt.pem -noout -text | grep -A 1 " | ||
Line 42: | Line 40: | ||
</ | </ | ||
- | * Put your new system into our ** test federation** DFN-AAI-Test. Use our [[en: | + | * Put your new system into our **test federation** DFN-AAI-Test. Use our [[en: |
{{: | {{: | ||
- | * If it does, submit a request to join DFN-AAI. | + | * If it does, submit a request to join DFN-AAI. A ticket is then opened on our side and you will hear from us. |
{{: | {{: | ||