oaeproject / puppet-hilary

Open Academic Environment (OAE) Puppet Scripts
http://www.oaeproject.org

Add SURF as a Shibboleth federation #159

Open simong opened 9 years ago

simong commented 9 years ago

It looks like we're in SURF but we're not pulling the set of IdPs we can interface with.

IIUC SURF is not like regular Shibboleth federations but more like a gatekeeper: each institution can toggle which service provider can access their IdP. According to their wiki page, we can pull down the list of identity providers we can interface with at:

https://engine.surfconext.nl/authentication/proxy/idps-metadata?sp-entity-id=https://shib-sp.unity.ac/shibboleth

(I'm aware there are no Identity Providers in there yet)

I think it's just a matter of adding an extra MetadataProvider in the Shibboleth config. Once institutions have added (=bought?) the Unity service within SURFconext, their IdP should appear in the list and we should pull it down.

simong commented 9 years ago

Assigning to @davidoae

davidoae commented 9 years ago

OK, some of the shib terminology and processes still bemuse me; however, I'm fairly sure that we don't need to add the metadata in the shib config, as their IdP is already in the UK federation metadata. Checking the UK fed data here... http://metadata.ukfederation.org.uk/ukfederation-metadata.xml ... I can see the vu.nl identityID.

I think all that needs to happen is that someone needs to contact the institution and get them to tell eduGAIN to release the attributes to us. I hear that Nico already has some sort of relationship with them; maybe he'd know whom to contact there to get the institution to do this. Unquestionably Steve Potter understands this much better than I and he seems confident about this.

davidoae commented 9 years ago

Nico indicated he's in communication with the institution about this.
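
The check both comments above do by hand (is a given IdP present in a metadata feed, and is the feed still empty), as an added example that is not part of this thread or of the puppet-hilary code. The sample metadata, the entityIDs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENTITY_TAG = f"{{{MD_NS}}}EntityDescriptor"
IDP_TAG = f"{{{MD_NS}}}IDPSSODescriptor"

# Constructed sample metadata (not real federation data): one IdP and one SP.
SAMPLE_FEED = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp.example.edu/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Constructed sample of a feed that is served but lists no entities yet.
EMPTY_FEED = '<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"/>'


def idp_entity_ids(metadata_xml):
    """Return the sorted entityIDs of every entity that has an IDPSSODescriptor.

    This only inspects content. It does not verify the metadata signature,
    so run it on metadata that was fetched and verified separately.
    """
    root = ET.fromstring(metadata_xml)
    found = set()
    # iter() includes the root itself, so a feed that is a single
    # EntityDescriptor and one that nests EntitiesDescriptor groups both work.
    for entity in root.iter(ENTITY_TAG):
        entity_id = entity.get("entityID")
        if entity_id and entity.find(IDP_TAG) is not None:
            found.add(entity_id)
    return sorted(found)


def idp_listed(metadata_xml, entity_id):
    """True if entity_id appears in the feed as an identity provider."""
    return entity_id in idp_entity_ids(metadata_xml)


if __name__ == "__main__":
    print("IdPs in sample feed:", idp_entity_ids(SAMPLE_FEED))
    print("IdPs in empty feed:", idp_entity_ids(EMPTY_FEED))
```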