Intended Audience
This page is for InCommon identity provider administrators.
InCommon Research & Scholarship Category
The easiest way to federate with GENI is by providing support for R&S. This will enable access to GENI from your campus, and also enable access to all R&S service providers.
Resources
- InCommon Metadata is the definitive source for attribute information required by the GENI Experimenter Portal
  - Look for the entityID https://panther.gpolab.bbn.com/shibboleth in the raw metadata
- InCommon documentation to Configure a Shibboleth IdP to Support R and S
- Send email to portal-help@geni.net for assistance
Attributes
This table provides information about attributes that the GENI Experimenter Portal accepts from InCommon identity providers.
Attribute | Status | Description |
eppn | required | eduPersonPrincipalName is the only required attribute |
mail | strongly encouraged | If email address is not provided, each user from your campus will have to perform manual steps to access GENI |
displayName | optional | Enhances the user experience |
givenName | optional | Enhances the user experience |
sn | optional | Enhances the user experience |
eduPersonScopedAffiliation | optional | Information used to elevate privileges for some users |
Testing
We provide a test page to see what attributes are being released by your identity provider. Navigate to https://portal.geni.net/secure/env.php, logging in as necessary. On that page you will see a long list of variables. In between the "Shib-*" values and the "HTTP_*" values, you will see what attributes your identity provider is releasing to GENI.
In the example below, which uses our internal identity provider, all desired attributes are being released to GENI:
...
Shib-Application-ID = default
Shib-Session-ID = _f12989bcc1f6f95ac6882107bf063ced
Shib-Identity-Provider = https://shib-idp.geni.net:8444/idp/shibboleth
Shib-Authentication-Instant = 2014-04-04T19:36:24.370Z
Shib-Authentication-Method = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Shib-AuthnContext-Class = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Shib-Session-Index = aa69df381e2376f2ba98f8bfec45abd0e8d472bc1d31b1ce98c05755d2f4af66
affiliation = staff@gpolab.bbn.com;member@gpolab.bbn.com
displayName = Tom Mitchell
eppn = tmitchel@gpolab.bbn.com
givenName = Tom
mail = tmitchel@bbn.com
sn = Mitchell
HTTP_HOST = portal.geni.net
HTTP_CONNECTION = keep-alive
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_USER_AGENT = Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36
HTTP_ACCEPT_ENCODING = gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.8
HTTP_COOKIE = _saml_idp=aHR0cHM6Ly9zaGliLWlkcC5nZW5pLm5ldDo4NDQ0L2lkcC9zaGliYm9sZXRo;
...
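One way to script the check described in this section, as an added example that is not part of the original page: it reads a saved copy of the test page's listing (one `name = value` per line), keeps the variables between the Shib-* and HTTP_* values, and reports each attribute from the table as ok, MISSING or MALFORMED. The sample listing is constructed, and the names `mail` and `affiliation` are assumed from the example listing in this section.

```python
EXPECTED = {  # status per the Attributes table; keys as named in the listing
    "eppn": "required",
    "mail": "strongly encouraged",
    "displayName": "optional",
    "givenName": "optional",
    "sn": "optional",
    "affiliation": "optional",  # eduPersonScopedAffiliation (assumed mapping)
}

# Constructed sample listing (hypothetical IdP and user), one variable per line.
SAMPLE = """\
Shib-Application-ID = default
Shib-Identity-Provider = https://idp.example.edu/idp/shibboleth
affiliation = staff@example.edu;member@example.edu
displayName = Pat Example
eppn = pexample@example.edu
HTTP_HOST = portal.geni.net
"""

def released_attributes(listing):
    """Return the variables listed between the Shib-* and HTTP_* values."""
    pairs = [ln.partition(" = ") for ln in listing.splitlines() if " = " in ln]
    names = [p[0].strip() for p in pairs]
    shib = [i for i, n in enumerate(names) if n.startswith("Shib-")]
    if not shib:  # no Shibboleth session in the listing: nothing was released
        return {}
    start = shib[-1] + 1
    http = [i for i in range(start, len(names)) if names[i].startswith("HTTP_")]
    end = http[0] if http else len(names)
    return {names[i]: pairs[i][2].strip() for i in range(start, end)}

def is_scoped(value):
    """True if every ';'-separated part has the form value@scope."""
    return all(p.count("@") == 1 and all(p.split("@")) for p in value.split(";"))

def check_release(listing):
    """Return {attribute: (status, finding)} for every row of the table."""
    attrs = released_attributes(listing)
    report = {}
    for name, status in EXPECTED.items():
        value = attrs.get(name, "")
        finding = "ok" if value else "MISSING"
        if value and name in ("eppn", "affiliation") and not is_scoped(value):
            finding = "MALFORMED (expected value@scope)"
        report[name] = (status, finding)
    return report

if __name__ == "__main__":
    for name, (status, finding) in check_release(SAMPLE).items():
        print(f"{name:12} {status:20} {finding}")
```

A MISSING result for `eppn` means the identity provider is not releasing the one required attribute; a MISSING result for `mail` corresponds to the manual steps noted in the table.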
Questions or Comments
If you have questions or comments about the information on this page, please email portal-help@geni.net.