Registering a Service Provider
We have specific documentation on registering a Shibboleth SP and registering an OpenAthens SP. This page gives information on how to register other SP software. You must register your SP's metadata with us in order to interoperate with other entities in the UK federation. You may need to configure more features once your SP is registered, for example authorization conditions.
Before sending the information required for registration, listed below, you must ensure the following:
- You have installed and configured the SP software according to the supplier's instructions.
- You have obtained an X.509 certificate for the trust fabric.
- You have obtained a browser-facing certificate and configured it for port 443 of your SP. The UK federation does not need to know about this browser-facing certificate.
- Your organization controls the domain in the entityID of your SP.
- You have read the UK federation Operational Information page.
- You are familiar with the UK federation's Technical Recommendations for Participants, and other UK Federation Technical Documents.
Once these prerequisites have been met:
- A Management Contact for your organisation must email a registration request to the UK federation Helpdesk and include the information required for registration, listed below.
- We will verify this information and perform several technical checks. We may need to communicate with the registrant to rectify any issues.
- We then authenticate the trust fabric certificate(s) in the SP metadata by means of an email-based security procedure. The Management Contact must reply to our email before we can complete the registration.
- Once we have received the authentication email from the Management Contact, we will publish your SP's metadata in the UK federation metadata on the next publishing run. Please note that the metadata must then propagate to the identity providers (IdPs) your SP will interoperate with.
- We will let you know by email once the UK federation metadata has been updated to include the information you have supplied.
- You can now test your SP using the UK federation test IdP.
Information required for registration:
- entityID: The entityID is a URI identifying your service provider. It must be different from the entityID of any existing entity already in the UK federation. If your service provider is already a member of another federation, please give its existing entityID, even if it appears to be federation-specific. If it is not already a member of another federation, please consult the UK federation entityID policy.
- Service Display Name: A brief name for the service. This name may be displayed on IdP login pages, and will be displayed on the Central Discovery Service (CDS) if your SP uses the CDS. Please see the federation MDUI Recommendations page for more information.
- OrganizationURL: The URL of a web page providing a description of the organisation providing the service.
- Support contact: The name and email address for one or more Support contacts.
- Technical contact: The name and email address for one or more Technical contacts.
- Administrative contact: The name and email address for one or more Administrative contacts.
- Metadata: Many SAML software products generate metadata matching the configuration. If your software makes the metadata available on a URL, please send the URL to us. Failing that, please send us a static copy of the metadata. If your software does not produce metadata, please contact us and we will find another way to help you register it.
- Requested Attributes: (recommended) Include information on the attributes your SP can use. The names of the attributes alone will suffice (see the Requested Attributes page for further information). We recommend inclusion of attributes as part of the registration process to facilitate interoperability, especially with IdPs registered in other federations and imported via eduGAIN.
- Software: (recommended) The SAML product name and software version of the software you have chosen to deploy for your SP. This information enables us to gauge appropriate support levels for software in use within the federation; we do not publish it.
- Logo: (recommended) The HTTPS-protected URL of a suitable logo. This may be displayed on IdP login pages, and will be displayed on the Central Discovery Service (CDS) if your SP uses the CDS. Please see the federation MDUI Recommendations page for more information.
- Description: (recommended) A short (100 character) description of the service. It may appear on the IdP login pages. Please see the federation MDUI Recommendations page for more information.
- Sirtfi compliance: If your SP complies with the Sirtfi incident response framework, please indicate that the SP has passed a self-assessment of Sirtfi v1.0. See our Sirtfi documentation page for more information.
- Security contact: The name and email address of a security contact. This is mandatory for Sirtfi-compliant SPs.
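A pre-submission check of an SP's own metadata against the items listed above. This is an added example, not a UK federation tool: the function name, messages and sample metadata are constructed, and the Sirtfi entity attribute value and the REFEDS security contact type are taken from the REFEDS specifications rather than from this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REMD_TYPE = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"  # REFEDS security contact marker
SIRTFI = "https://refeds.org/sirtfi"  # entity attribute value that asserts Sirtfi

def check_sp_metadata(xml_text):
    """Return checklist gaps found in one SP EntityDescriptor (empty list = none)."""
    ent, gaps = ET.fromstring(xml_text), []
    text = lambda path: (ent.findtext(path, "", NS) or "").strip()
    if not urlparse(ent.get("entityID", "")).scheme:
        gaps.append("entityID missing or not a URI")
    required = {".//ds:X509Certificate": "no trust fabric certificate",
                ".//mdui:DisplayName": "no Service Display Name",
                "md:Organization/md:OrganizationURL": "no OrganizationURL"}
    gaps += [msg for path, msg in required.items() if not text(path)]
    if len(text(".//mdui:Description")) > 100:
        gaps.append("Description longer than 100 characters")
    logo = text(".//mdui:Logo")
    if logo and not logo.startswith("https://"):
        gaps.append("Logo URL is not HTTPS")
    contacts = ent.findall("md:ContactPerson", NS)
    kinds = {c.get("contactType") for c in contacts}
    gaps += [f"no {k} contact" for k in ("support", "technical", "administrative") if k not in kinds]
    # A Sirtfi-compliant SP must also carry a security contact.
    sirtfi = any((v.text or "").strip() == SIRTFI for v in ent.iter("{%s}AttributeValue" % NS["saml"]))
    if sirtfi and not any(c.get(REMD_TYPE) == SECURITY for c in contacts):
        gaps.append("Sirtfi asserted but no security contact")
    return gaps

# Constructed sample with a placeholder certificate; all names and URLs are made up.
SAMPLE = """<md:EntityDescriptor entityID="https://sp.example.ac.uk/saml"
 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<md:Extensions><mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
 <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
  <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue></saml:Attribute>
</mdattr:EntityAttributes></md:Extensions>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:Extensions><mdui:UIInfo><mdui:DisplayName xml:lang="en">Example</mdui:DisplayName>
  <mdui:Logo height="60" width="80">http://sp.example.ac.uk/logo.png</mdui:Logo>
 </mdui:UIInfo></md:Extensions>
 <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor>
<md:ContactPerson contactType="support"/><md:ContactPerson contactType="technical"/>
</md:EntityDescriptor>"""
print(check_sp_metadata(SAMPLE))
```

The check only looks for the presence and shape of each item; it does not validate the certificate, the schema or any signature.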