Adding Shibboleth Information
Services that are protected by Shibboleth have Access Control set to 'shibboleth' (possibly along with other authentication options). When this is set, the Data Editor displays further fields that have to be filled in:
- Mediator. The Mediator for the UK is: http://www.ukfederation.org.uk/ . This field is optional. For new Service records the UK federation is set as the default.
- Shibboleth Information (seeAlso/SvcShib). Relevant eduPerson attributes should be entered here. They can be entered as a text string with items separated by semi-colons, and optional ones surrounded by square brackets. Alternatively a URI which points to an XML specification can be given. For new Service records this field is defaulted to: eduPersonScopedAffiliation.
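The text-string form of the Shibboleth Information field can be checked mechanically before a record is saved. The following is an added example, not IESR code: the function names are hypothetical, and it assumes that each pair of square brackets wraps exactly one attribute name and that the URI form starts with http:// or https://. It also compares the parsed list with the attributes an identity provider releases, so that missing required attributes and unrequested ones are both visible.

```python
def parse_svcshib(value):
    """Parse a Shibboleth Information value into a URI or an attribute list."""
    value = value.strip()
    if not value:
        raise ValueError("empty Shibboleth Information value")
    # Alternative form: a URI pointing to an XML specification.
    if value.lower().startswith(("http://", "https://")):
        return {"kind": "uri", "uri": value}
    required, optional = [], []
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            continue  # tolerate a trailing or doubled semi-colon
        if item.startswith("[") and item.endswith("]"):
            name, bucket = item[1:-1].strip(), optional
        else:
            name, bucket = item, required
        # Assumption: brackets wrap exactly one name; names have no spaces.
        if not name or any(c in name for c in "[] \t"):
            raise ValueError(f"malformed attribute item: {raw!r}")
        if name in required or name in optional:
            raise ValueError(f"attribute listed twice: {name!r}")
        bucket.append(name)
    if not (required or optional):
        raise ValueError("no attributes listed")
    return {"kind": "attributes", "required": required, "optional": optional}


def check_release(spec, released):
    """Compare attributes an identity provider releases with the parsed spec.

    Returns (missing, surplus): required attributes not released, and
    released attributes the service never asked for.
    """
    if spec["kind"] != "attributes":
        raise ValueError("URI form must be fetched and parsed separately")
    released = set(released)
    missing = [a for a in spec["required"] if a not in released]
    wanted = set(spec["required"]) | set(spec["optional"])
    return missing, sorted(released - wanted)


if __name__ == "__main__":
    # Constructed sample value, not taken from a real IESR record.
    spec = parse_svcshib("eduPersonScopedAffiliation; [eduPersonEntitlement]")
    print(spec)
    print(check_release(spec, ["eduPersonEntitlement", "eduPersonTargetedID"]))
```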
A WAYFless URL is an alternative entry point into a data collection. Thus it is a separate webcgi service and should be registered in IESR as a separate Service record. It needs a WSDL file to capture the arguments of the webcgi service (that appear after the '?'). The URI of this WSDL file should be used as the value of the Service's Interface property.
E-Z Proxy is also a webcgi service, which would be catalogued as a separate Service.
Currently Shibboleth cannot be used for machine-to-machine services, because end-user input is needed to provide WAYF details (though this may be passed on from an initial single sign-on login). Thus Shibboleth-authenticated services described in IESR are webpage or webcgi only.
Zetoc Service records provide examples of registering Shibboleth details and WAYFless URLs.
27 October 2007