Service Provider Specific FAQs - Federated Access Management
- How can we join the UK federation as a Service Provider?
- How do we get started?
- What software and technical support is available and how much does it cost?
- Will UK institutions that are using Athens be able to access our service?
- If we have chosen OpenAthensSP, will UK institutions that are using Shibboleth still be able to access our service?
- How long does it take to implement a federated access management solution?
- How do we configure our Shibboleth SP?
- How do we register our Service Provider with the UK federation?
- Which certificates can we use?
- What attributes can we use?
- What guidance can you provide for Login pages and WAYFs?
- How can we test our implementation?
- What support and guidance is available for Shibboleth 2.0?
- Where can we get support for troubleshooting and technical enquiries?
- What information do our institutional customers need?
- How can we keep updated with important information?
1. How can we join the UK federation as a Service Provider?
You can apply for free membership of the UK Access Management Federation as a Service Provider if you provide a service to UK education and research institutions. As a member you must agree to abide by the UK federation Rules of Membership, which include agreeing to use federated access management systems based on open standards and abiding by the rules about the exchange of data between institutions and service providers.
To apply for membership, please use the template letter.
2. How do we get started?
The process of becoming a Service Provider is outlined in the Joining the UK federation process map. We recommend that you read through the Rules of Membership, Technical recommendations for participants and other core federation documentation which can be found on the UK federation website.
Further information is also available on the Service Provider section of the JISC website.
3. What software and technical support is available and how much does it cost?
The cost of implementing a federated access management solution will depend on the model you have chosen. You are free to choose either open source or commercial products, which must be SAML-compliant and meet the requirements of the UK federation. Service providers can either implement using in-house technical staff or outsource technical support to one of several suppliers that are now developing expertise in standards-compliant software.
4. Will UK institutions that are using Athens be able to access our service?
Yes. If you are using a federated access management system, UK institutions that have subscribed to OpenAthens and are using Classic Athens or AthensDA will still be able to access your service through the Athens-Federation gateway as part of their subscription to Eduserv Athens, provided that they are eligible to join the UK federation.
5. If we have chosen OpenAthensSP, will UK institutions that are using Shibboleth still be able to access our service?
Yes. OpenAthensSP is a modular access management system which includes SAML, Shibboleth, Microsoft CardSpace and OpenID.
6. How long does it take to implement a federated access management solution?
Timescales for implementation will depend on the complexity and scale of your platforms and the expertise of your technical staff (either in-house or outsourced), but it could take anywhere between three weeks and three months.
7. How do we configure our Shibboleth SP?
Please follow the guidance available on the UK federation website.
8. How do we register our Service Provider with the UK federation?
Please follow the guidance available on the UK federation website.
9. Which certificates can we use?
List of acceptable certificates
Guidance on using certificates not listed here is also provided. Certificates can be embedded in the UK federation metadata.
10. What attributes can we use?
A core set of attributes has been identified. Detailed information about attributes can be found in section 7 of the document Technical recommendations for participants. Further information, including a list of attributes that are used by other Service Providers, is also available.
11. What guidance can you provide for Login pages and WAYFs?
Guidance on terminology for Login pages and WAYF design can be found on the JISC website.
12. How can we test our implementation?
The UK federation does not currently provide a test IdP. You can test by deploying your own IdP or by creating a test account at one of the open access IdPs within the UK federation such as ProtectNetwork and TypeKey Bridge. You may also be able to do a live test with institutional customers that have registered their IdP with the UK federation.
13. What support and guidance is available for Shibboleth 2.0?
JISC has recently held a two-day Shibboleth 2.0 Installfest in Birmingham to get the first in-depth look at Shibboleth 2.0 and the UK federation, and Netskills Training will develop materials following on from this event. Shibboleth 2.0 can be used within the UK federation, but the current JISC recommendation is for institutions and service providers to continue using Shibboleth 1.3.
14. Where can we get support for troubleshooting and technical enquiries?
To arrange a meeting with a member of the UK federation technical support team, please contact jisc-access-management@jiscmail.ac.uk. The shibboleth-users@internet2.edu and jisc-shibboleth@jiscmail.ac.uk Shibboleth technical discussion lists are also a good source of community knowledge and expertise. For more substantial support we recommend you contact one of the third-party suppliers that are now developing expertise in standards-compliant software.
15. What information do our institutional customers need?
It will be important to contact your institutional customers to:
- Confirm they are happy for their organisation to be added to your WAYF
- Provide them with a WAYFless URL to your service if this is available
- Inform them which attributes you will require in order for users to gain access
- Confirm which access methods you will be providing from 1 August 2008
In addition to direct contact with publishers, UK further and higher education institutions also regularly check the JISC Access Management Team blog for information about publishers’ federated access management status. We would be grateful if you could check the information on the blog so that we can ensure the information we provide is as accurate and up-to-date as possible. It is particularly important that we have information about which access management solution(s) you will be providing from 1 August 2008 (e.g. Shibboleth, Athens, OpenAthensSP, IP, username & password, referring URL), which is when JISC funding for Athens and the Federation gateways will cease.
16. How can we keep updated with important information?
An announcement and discussion list has been set up specifically for Service Providers that want to receive information about the transition to federated access management. Join the list