wiki:InCommon/FederatingWithGENI

Version 2 (modified by tmitchel@bbn.com, 9 years ago)

Intended Audience

This page is for InCommon identity provider administrators.

InCommon Research & Scholarship Category

The easiest way to federate with GENI is to support the InCommon Research & Scholarship (R&S) category. This enables access to GENI from your campus and also enables access to all R&S service providers.

Resources

Attributes

This table provides information about attributes that the GENI Experimenter Portal accepts from InCommon identity providers.

Attribute | Status | Description
eppn | required | eduPersonPrincipalName is the only required attribute
mail | strongly encouraged | If email address is not provided each user from your campus will have to perform manual steps to access GENI
displayName | optional | Enhances the user experience
givenName | optional | Enhances the user experience
sn | optional | Enhances the user experience
eduPersonScopedAffiliation | optional | Information used to elevate privileges for some users

Testing

We provide a test page to see what attributes are being released by your identity provider. Navigate to https://portal.geni.net/secure/env.php, logging in as necessary. On that page you will see a long list of variables. In between the "Shib-*" values and the "HTTP_*" values, you will see what attributes your identity provider is releasing to GENI.

In the example below, using our internal identity provider, all desired attributes are being released to GENI:

...
Shib-Application-ID = default
Shib-Session-ID = _f12989bcc1f6f95ac6882107bf063ced
Shib-Identity-Provider = https://shib-idp.geni.net:8444/idp/shibboleth
Shib-Authentication-Instant = 2014-04-04T19:36:24.370Z
Shib-Authentication-Method = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Shib-AuthnContext-Class = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Shib-Session-Index = aa69df381e2376f2ba98f8bfec45abd0e8d472bc1d31b1ce98c05755d2f4af66
affiliation = staff@gpolab.bbn.com;member@gpolab.bbn.com
displayName = Tom Mitchell
eppn = tmitchel@gpolab.bbn.com
givenName = Tom
mail = tmitchel@bbn.com
sn = Mitchell
HTTP_HOST = portal.geni.net
HTTP_CONNECTION = keep-alive
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_USER_AGENT = Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36
HTTP_ACCEPT_ENCODING = gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.8
HTTP_COOKIE = _saml_idp=aHR0cHM6Ly9zaGliLWlkcC5nZW5pLm5ldDo4NDQ0L2lkcC9zaGliYm9sZXRo; 
...
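One way to automate the check described above is to save the text of the test page and compare the released attributes with the attribute table. This is an added example, not GENI's own code: the function names, the sample input and the mapping of "affiliation" to eduPersonScopedAffiliation are assumptions.

```python
import re

# Status per attribute, from the table on this page. Assumption: "affiliation" is
# the name under which eduPersonScopedAffiliation appears, as in the page's sample.
POLICY = {"eppn": "required", "mail": "strongly encouraged",
          "displayName": "optional", "givenName": "optional",
          "sn": "optional", "affiliation": "optional"}

# Constructed sample in the env.php layout (all values are made up).
SAMPLE = """\
Shib-Application-ID = default
Shib-Identity-Provider = https://idp.example.edu/idp/shibboleth
affiliation = staff@example.edu;member@example.edu
eppn = jdoe@example.edu
givenName = Jane
sn = Doe
HTTP_HOST = portal.geni.net
"""

LINE = re.compile(r"^\s*([A-Za-z_][\w-]*)\s*=\s*(.*?)\s*$")

def released_attributes(env_text):
    """Return the name/value pairs listed between the Shib-* and HTTP_* variables."""
    attrs, in_window = {}, False
    for line in env_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name.startswith("Shib-"):
            attrs, in_window = {}, True      # window opens after the last Shib-* line
        elif name.startswith("HTTP_"):
            if in_window:
                break                        # first HTTP_* line closes the window
        elif in_window:
            attrs[name] = value
    return attrs

def audit(env_text):
    """Compare what the IdP released with POLICY and sanity-check eppn."""
    attrs = released_attributes(env_text)
    missing = {s: [] for s in ("required", "strongly encouraged", "optional")}
    for name, status in POLICY.items():
        if not attrs.get(name):
            missing[status].append(name)
    # eduPersonPrincipalName has the form user@scope.
    eppn_ok = bool(re.fullmatch(r"[^@\s]+@[^@\s]+", attrs.get("eppn", "")))
    extra = sorted(set(attrs) - set(POLICY))  # released but not in the table
    return {"released": attrs, "missing": missing, "eppn_ok": eppn_ok, "extra": extra}
```

Calling audit() on the constructed sample reports mail and displayName as missing; the "extra" list shows attributes your identity provider releases that the table above does not list.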

Questions or Comments

If you have questions or comments about the information on this page, please email portal-help@geni.net.