[[PageOutline]] = Intended Audience = This page is for [http://incommon.org InCommon] identity provider administrators. = InCommon Research & Scholarship Category = The easiest way to federate with GENI is by [https://spaces.internet2.edu/x/aAbvAQ providing support for R&S]. This will enable access to GENI form your campus, and also enable access to all [https://incommon.org/federation/info/all-sp-categories.html#SPs R&S service providers]. = Resources = * [http://www.incommon.org/federation/metadata.html InCommon Metadata] is the definitive source for attribute information required by the [https://portal.geni.net GENI Experimenter Portal] * Look for the entityID `https://panther.gpolab.bbn.com/shibboleth` in the [http://md.incommon.org/InCommon/InCommon-metadata.xml raw metadata] * !InCommon documentation to [https://spaces.internet2.edu/x/BoOVAQ Configure a Shibboleth IdP to Support R and S] * Send email to portal-help@geni.net for assistance = Attributes = This table provides information about attributes that the [https://portal.geni.net GENI Experimenter Portal] accepts from !InCommon identity providers. || '''Attribute''' || '''Status''' || '''Description''' || || eppn || required || eduPersonPrincipalName is the only ''required'' attribute || || mail || strongly[[BR]]encouraged || If email address is not provided each user from your campus will have to perform manual steps to access GENI || || displayName || optional || Enhances the user experience || || givenName || optional || Enhances the user experience || || sn || optional || Enhances the user experience || || eduPersonScopedAffiliation || optional || Information used to elevate privileges for some users || = Testing = We provide a [https://portal.geni.net/secure/env.php test page] to see what attributes are being released by your identity provider. Navigate to https://portal.geni.net/secure/env.php, logging in as necessary. On that page you will see a long list of variables. In between the "Shib-*" values and the "HTTP_*" values, you will see what attributes your identity provider is releasing to GENI. In the example below using our internal identity provider all desired attributes are being released to GENI: {{{ ... Shib-Application-ID = default Shib-Session-ID = _f12989bcc1f6f95ac6882107bf063ced Shib-Identity-Provider = https://shib-idp.geni.net:8444/idp/shibboleth Shib-Authentication-Instant = 2014-04-04T19:36:24.370Z Shib-Authentication-Method = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Shib-AuthnContext-Class = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Shib-Session-Index = aa69df381e2376f2ba98f8bfec45abd0e8d472bc1d31b1ce98c05755d2f4af66 affiliation = staff@gpolab.bbn.com;member@gpolab.bbn.com displayName = Tom Mitchell eppn = tmitchel@gpolab.bbn.com givenName = Tom mail = tmitchel@bbn.com sn = Mitchell HTTP_HOST = portal.geni.net HTTP_CONNECTION = keep-alive HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 HTTP_USER_AGENT = Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36 HTTP_ACCEPT_ENCODING = gzip,deflate,sdch HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.8 HTTP_COOKIE = _saml_idp=aHR0cHM6Ly9zaGliLWlkcC5nZW5pLm5ldDo4NDQ0L2lkcC9zaGliYm9sZXRo; ... }}} = Questions or Comments = If you have questions or comments about the information on this page, please email portal-help@geni.net.