Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
en:production [2017/08/30 17:00] – Raoul Gunnar Borenius | en:production [2022/04/29 10:39] – Wolfgang Pempe | ||
---|---|---|---|
Line 17: | Line 17: | ||
**NB:** As for the certificate used for metadata signature validation, the examples below refer to the hierarchy of the DFN-PKI second generation. Please refer to [[en: | **NB:** As for the certificate used for metadata signature validation, the examples below refer to the hierarchy of the DFN-PKI second generation. Please refer to [[en: | ||
- | **SP Operators** | + | **SP Operators** |
**IdP Operators** include the metadata file that comprises all SPs registered with the DFN-AAI production environment. | **IdP Operators** include the metadata file that comprises all SPs registered with the DFN-AAI production environment. | ||
Line 24: | Line 24: | ||
| ^ IdP / AA ^ SP ^ | | ^ IdP / AA ^ SP ^ | ||
- | ^ Advanced | + | ^ DFN-AAI |
- | ^ Basic | '' | + | |
- | ^ Advanced + Basic | -- | '' | + | |
^ eduGAIN | ^ eduGAIN | ||
^ Local Metadata | ^ Local Metadata | ||
Line 32: | Line 30: | ||
==== IdP Example ==== | ==== IdP Example ==== | ||
- | **DFN-AAI: | + | **For metadata URLs and the certificate for signature validation please refer to [[en: |
+ | |||
+ | **DFN-AAI: | ||
For participation in **eduGAIN**, | For participation in **eduGAIN**, | ||
Line 56: | Line 56: | ||
maxRefreshDelay=" | maxRefreshDelay=" | ||
< | < | ||
- | certificateFile="/ | + | certificateFile="/ |
</ | </ | ||
| | ||
Line 66: | Line 66: | ||
maxRefreshDelay=" | maxRefreshDelay=" | ||
< | < | ||
- | certificateFile="/ | + | certificateFile="/ |
</ | </ | ||
Line 73: | Line 73: | ||
==== SP Example ==== | ==== SP Example ==== | ||
+ | **For metadata URLs and the certificate for signature validation please refer to [[en: | ||
Communication with all productive IdPs in DFN-AAI (Degree of Reliance " | Communication with all productive IdPs in DFN-AAI (Degree of Reliance " | ||
Line 78: | Line 79: | ||
<file xml / | <file xml / | ||
< | < | ||
- | uri="https:// | + | uri="http:// |
- | backingFilePath=" | + | backingFilePath=" |
- | < | + | < |
- | < | + | |
- | < | + | |
- | </ | + | |
</ | </ | ||
< | < | ||
- | uri="https:// | + | uri="http:// |
backingFilePath=" | backingFilePath=" | ||
- | < | + | < |
< | < | ||
< | < | ||
Line 96: | Line 94: | ||
</ | </ | ||
</ | </ | ||
- | < | ||
- | < | ||
- | </ | ||
</ | </ | ||
</ | </ | ||
- | ===== Central Discovery Service ===== | + | The following example shows how to restrict the metadata import to IdPs that conform to the requirements of the Degree of Reliance ' |
- | ** We recommend to implement a local discorvery service on the sp because it's much more straight forward to | + | <file xml / |
- | use for the end user then our central service!** | + | < |
+ | url=" | ||
+ | backingFilePath=" | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
- | In case no SP-specific and/or [[de:shibeds|Embedded Discovery Service]] can be implemented, | + | </ |
+ | |||
+ | |||
+ | ===== Discovery Service ===== | ||
+ | |||
+ | ==== Embedded Discovery Service ==== | ||
+ | |||
+ | In case an SP is only available for a couple of Home Organizations, | ||
+ | |||
+ | ==== Central Discovery Service ==== | ||
+ | |||
+ | In case no SP-specific and/or [[de:shibsp# | ||
discovery service as a fall-back. An **SP** can choose between several central discovery URLs in accordance with its MetadataProvider configuration (see above). So-called "Local SPs" that are intended for internal use only (e.g. campus management), | discovery service as a fall-back. An **SP** can choose between several central discovery URLs in accordance with its MetadataProvider configuration (see above). So-called "Local SPs" that are intended for internal use only (e.g. campus management), | ||
+ | |||
===Examples for Shibboleth SP=== | ===Examples for Shibboleth SP=== | ||
Line 139: | Line 155: | ||
</ | </ | ||
</ | </ | ||
+ | |||
+ | {{tag> |