[[PageOutline]]

= Intended Audience =
This page is for [http://incommon.org InCommon] identity provider administrators.

= InCommon Research & Scholarship Category =
The easiest way to federate with GENI is by [https://spaces.internet2.edu/x/aAbvAQ providing support for R&S]. This will enable access to GENI from your campus, and also enable access to all [https://incommon.org/federation/info/all-sp-categories.html#SPs R&S service providers].

= Resources =
 * [http://www.incommon.org/federation/metadata.html InCommon Metadata] is the definitive source for attribute information required by the [https://portal.geni.net GENI Experimenter Portal]
   * Look for the entityID `https://panther.gpolab.bbn.com/shibboleth` in the [http://md.incommon.org/InCommon/InCommon-metadata.xml raw metadata]
 * !InCommon documentation to [https://spaces.internet2.edu/x/BoOVAQ Configure a Shibboleth IdP to Support R and S]
 * Send email to portal-help@geni.net for assistance

= Attributes =
This table provides information about attributes that the [https://portal.geni.net GENI Experimenter Portal] accepts from !InCommon identity providers.

|| '''Attribute''' || '''Status''' || '''Description''' ||
|| eppn || required || eduPersonPrincipalName is the only ''required'' attribute ||
|| mail || strongly[[BR]]encouraged || If an email address is not provided, each user from your campus will have to perform manual steps to access GENI ||
|| displayName || optional || Enhances the user experience ||
|| givenName || optional || Enhances the user experience ||
|| sn || optional || Enhances the user experience ||
|| affiliation || optional || Information used to elevate privileges for some users ||

= Testing =
We provide a [https://portal.geni.net/secure/env.php test page] to see what attributes are being released by your identity provider. Navigate to https://portal.geni.net/secure/env.php, logging in as necessary. On that page you will see a long list of variables. In between the "Shib-*" values and the "HTTP_*" values, you will see what attributes your identity provider is releasing to GENI.

In the example below, using our internal identity provider, all desired attributes are being released to GENI:
{{{
...
Shib-Application-ID = default
Shib-Session-ID = _f12989bcc1f6f95ac6882107bf063ced
Shib-Identity-Provider = https://shib-idp.geni.net:8444/idp/shibboleth
Shib-Authentication-Instant = 2014-04-04T19:36:24.370Z
Shib-Authentication-Method = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Shib-AuthnContext-Class = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Shib-Session-Index = aa69df381e2376f2ba98f8bfec45abd0e8d472bc1d31b1ce98c05755d2f4af66
affiliation = staff@gpolab.bbn.com;member@gpolab.bbn.com
displayName = Tom Mitchell
eppn = tmitchel@gpolab.bbn.com
givenName = Tom
mail = tmitchel@bbn.com
sn = Mitchell
HTTP_HOST = portal.geni.net
HTTP_CONNECTION = keep-alive
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_USER_AGENT = Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36
HTTP_ACCEPT_ENCODING = gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.8
HTTP_COOKIE = _saml_idp=aHR0cHM6Ly9zaGliLWlkcC5nZW5pLm5ldDo4NDQ0L2lkcC9zaGliYm9sZXRo;
...
}}}
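
The comparison between the test page output and the attribute table can be scripted. The following is an added example, not part of the GENI portal or of this page's original content; it assumes the test page text has been pasted in the `NAME = value` form shown above, and the function names and sample identity provider are hypothetical.

```python
# Attribute status as listed in the Attributes table on this page.
ATTRIBUTE_STATUS = {
    "eppn": "required", "mail": "strongly encouraged",
    "displayName": "optional", "givenName": "optional",
    "sn": "optional", "affiliation": "optional",
}

def parse_env_dump(text):
    """Return {name: value} for each 'NAME = value' line of the test page."""
    variables = {}
    for line in text.splitlines():
        name, sep, value = line.partition(" = ")
        if sep and name.strip():  # skips '...' and blank lines
            variables[name.strip()] = value.strip()
    return variables

def check_release(text):
    """Map each attribute to (status, values); values is [] if not released."""
    variables = parse_env_dump(text)
    report = {}
    for name, status in ATTRIBUTE_STATUS.items():
        # Multiple values arrive joined by ';', as in the affiliation line above.
        values = [v for v in variables.get(name, "").split(";") if v]
        report[name] = (status, values)
    return report

def missing(report):
    """Attributes that are not optional and were not released."""
    return [n for n, (status, values) in report.items()
            if status != "optional" and not values]

# Constructed sample: an IdP that releases only eppn and affiliation.
SAMPLE = """\
Shib-Application-ID = default
Shib-Identity-Provider = https://idp.example.edu/idp/shibboleth
affiliation = staff@example.edu;member@example.edu
eppn = jdoe@example.edu
HTTP_HOST = portal.geni.net
"""

if __name__ == "__main__":
    report = check_release(SAMPLE)
    for name, (status, values) in report.items():
        print(f"{name:12} {status:20} {', '.join(values) or 'NOT RELEASED'}")
    print("missing:", missing(report))
```

An empty result from `missing` means eppn and mail are both being released; the optional attributes are listed in the report but never flagged.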

= Questions or Comments =
If you have questions or comments about the information on this page, please email portal-help@geni.net.