Overview

Each Identity Provider and Service Provider has technical information recorded in the Federation Registry. This includes Entity Descriptors, Identity or Service Provider contacts and administrators, certificates, endpoints and other relevant technical information about the functionality of your service. You can find it by logging into the Federation Registry. The following details that information, where it is located and how it may be changed or updated.


Prerequisites

To access this specific information you must have been delegated the particular rights to the virtual home as well as the management or administrative rights to manage the service. If you are unsure of the exact permissions you have, please contact support or log into the attribute validator to get a snapshot of your credentials.


Details

Production: https://manager.aaf.edu.au/federationregistry/

Test: https://manager.test.aaf.edu.au/federationregistry


Once you have logged in, click on the IdP/SP that you are concerned with. The Overview tab contains the core information about your IdP/SP. The Entity Descriptor is also known as the SAML entity ID. This value must match the entity ID configured on your identity provider or service provider.


An example entity ID for a Shibboleth identity provider might look like:

Other information that you may also access and edit includes:

1. Certificates

2. Attributes

3. NameID Formats

4. Metadata

5. Attribute Filter


Notes

For a Shibboleth identity provider, the entity ID attribute is defined in the config file relying-party.xml under the elements <rp:DefaultRelyingParty> and <rp:AnonymousRelyingParty> as well as in attribute-resolver.xml under the <resolver:DataConnector> element.


For IdP V3, the entity ID is defined in the idp.properties file under "Set the entityID of the IdP".

For a Shibboleth service provider, the entity ID attribute is defined in the config file shibboleth2.xml under the <ApplicationDefaults> element.

The entity ID in the federation metadata MUST match the entity ID in your local configuration, otherwise federation endpoints will not be able to identify and reference your IdP/SP.
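
One way to check this match before a change goes live, shown as an added example that is not part of the original article or any AAF tooling. The function names are hypothetical and the sample configuration and metadata are constructed with placeholder hosts. It assumes the IdP V3 property key idp.entityID and the entityID attribute on <ApplicationDefaults>.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample inputs (placeholder hosts, not real federation members).
SHIBBOLETH2_XML = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.edu.au/shibboleth"/>
</SPConfig>"""
IDP_PROPERTIES = """# Set the entityID of the IdP
idp.entityID = https://idp.example.edu.au/idp/shibboleth/
"""
METADATA_XML = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://sp.example.edu.au/shibboleth"/>
  <EntityDescriptor entityID="https://idp.example.edu.au/idp/shibboleth"/>
</EntitiesDescriptor>"""

def sp_entity_id(xml_text):
    """entityID attribute of <ApplicationDefaults> in shibboleth2.xml."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "ApplicationDefaults":  # ignore namespace
            return el.get("entityID")
    return None

def idp_v3_entity_id(text):
    """Value of idp.entityID in idp.properties; commented-out lines never match."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "idp.entityID":
            return value.strip()
    return None

def registered_entity_ids(metadata_xml):
    """Every entityID published in a SAML metadata document or aggregate."""
    root = ET.fromstring(metadata_xml)
    return {el.get("entityID") for el in root.iter(f"{{{MD_NS}}}EntityDescriptor")}

def check(local_id, metadata_xml):
    """Return (ok, near_miss). The match is exact: case and a trailing '/' count."""
    ids = registered_entity_ids(metadata_xml)
    if local_id and local_id in ids:
        return True, None
    fold = lambda s: s.rstrip("/").lower()
    near = sorted(i for i in ids if i and local_id and fold(i) == fold(local_id))
    return False, (near[0] if near else None)

if __name__ == "__main__":
    for name, lid in (("SP", sp_entity_id(SHIBBOLETH2_XML)), ("IdP", idp_v3_entity_id(IDP_PROPERTIES))):
        print(name, lid, check(lid, METADATA_XML))
```

In the constructed data the SP matches, while the IdP fails on a trailing slash and the registered value is returned as the near miss.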

Note that if you want to change an entity ID on the Federation Registry side, you cannot do this as a normal user. You will have to log a support call for a Federation Registry administrator to action this for you.