The Federation Registry (FR) service links the federation components together into a cohesive platform. This platform permits AAF subscriber members’ access to services after successfully authenticating at their home institution. The FR includes a management Dashboard for the subscriber components and manages the generation and aggregation of federation metadata. The FR Dashboard provides reporting tools for attribute release and availability for connected services.
Using the FR Dashboard, subscribers supply and maintain the SAML-specific configuration details for their services. These details are used to generate SAML-compliant federation metadata for each service. The FR aggregates the individual services' metadata and publishes it to all subscribers as the federation metadata file. All services use the federation metadata to enable end-users, via their browsers, to locate the authentication and service access end-points. Service owners should validate the generated metadata for their service, because valid metadata is the key to a cohesive federation platform.
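The sanity checks a service owner might run over the federation metadata file are shown below as an added example; it is not FR or AAF code, the aggregate it parses is a constructed sample, and the certificate value inside it is a placeholder.

```python
# Added example (not AAF/FR code): sanity checks over a SAML 2.0 metadata aggregate.
# The aggregate below is constructed; the certificate is a placeholder, not a real cert.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENDPOINT_TAGS = ("SingleSignOnService", "AssertionConsumerService", "SingleLogoutService")

SAMPLE_AGGREGATE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo>
        <ds:X509Certificate>PLACEHOLDER-NOT-A-REAL-CERTIFICATE</ds:X509Certificate>
      </ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.edu/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="http://sp.example.edu/Shibboleth.sso/SAML2/POST" index="1"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def check_entity(aggregate_xml, entity_id, now=None):
    """Return the list of problems found for entity_id (an empty list means it looks sane)."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(aggregate_xml)
    problems = []
    valid_until = root.get("validUntil")  # aggregate-level expiry, if present
    if valid_until and datetime.fromisoformat(valid_until.replace("Z", "+00:00")) < now:
        problems.append("aggregate validUntil has passed; fetch a fresh copy")
    entity = root.find(f"md:EntityDescriptor[@entityID='{entity_id}']", NS)
    if entity is None:
        return problems + [f"entityID {entity_id} is not in the aggregate"]
    for role in entity.findall("md:IDPSSODescriptor", NS) + entity.findall("md:SPSSODescriptor", NS):
        tag = role.tag.split("}")[1]
        # Every role needs a published certificate so peers can verify its signatures
        if role.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Certificate", NS) is None:
            problems.append(f"{tag}: no X509Certificate in any KeyDescriptor")
        for ep in role:  # endpoints are direct children of the role descriptor
            name = ep.tag.split("}")[1]
            if name in ENDPOINT_TAGS and not ep.get("Location", "").startswith("https://"):
                problems.append(f"{tag}: {name} Location is not https: {ep.get('Location')}")
    return problems
```

Run against the real aggregate by reading the federation metadata file into `aggregate_xml` and passing your own entityID; the constructed SP above deliberately lacks a certificate and publishes a plain-http endpoint so both checks fire.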
The FR Dashboard provides the following functionality:
- Maintenance of technical contact lists for each subscriber service.
- Utilisation reporting of Identity Providers and Service Providers.
- Subscriber compliance reporting.
- Subscriber registration workflow management.
- SAML 2.x compliant metadata generation.
- Attribute filter generation.
- Federation status monitoring management.
The AAF offers two federations: Production and Test. These are accessible by visiting https://manager.aaf.edu.au or https://manager.test.aaf.edu.au. These Dashboards also list the administrators for organisations and services.
Federation Registry Dashboard
To access the FR Dashboard, visit https://manager.aaf.edu.au and click the Welcome - Please Login button. Access is available via the individual's institution-issued credentials once an Identity Provider is online, or via the Virtual Home identity provider instance. If these credentials do not provide access or administrative control of an Organisation or service on the FR Dashboard, contact the AAF Support Team firstname.lastname@example.org to resolve the access issue.
The registration of a new Organisation starts by sending a request to the AAF Operations Team at email@example.com with a request for a new Organisation. Once the Organisation is available, the registration of new Identity Providers or Service Providers can commence from the FR Landing Page or from the FR Dashboard within the Identity Provider or Service Provider tabs.
FR Landing Page.
FR Dashboard Identity Provider view.
FR Organisation Administrator
The FR Dashboard permits the AAF to delegate a set of functions to a subscriber’s nominee. This nominee becomes the subscriber’s FR Organisation administrator. The Dashboard will display shortcuts for components to which an administrator has elevated privileges. The FR Organisation administrator manages the following components on behalf of the subscriber:
- FR Organisation administrators and delegate access.
- Workflow approvals which belong to the Organisation.
Manage Organisation Administrators
To manage the administrators or contacts for an Organisation, access the FR Dashboard and select the Organisation for which a user has administrative privileges. Select the Administrators or the Contact tab and perform the necessary user management activities.
Dashboard view for an Organisation Administrator.
Dashboard view of an Organisation’s Service Provider list.
Dashboard view of an organisation's service registrations.
The FR Dashboard tracks the number of services registered for an Organisation. This assists organisations to monitor compliance with their subscription plan.
To receive administrator privileges for a component, an individual must first have logged on to the FR. A prior login is not necessary when adding individuals as Contacts to an organisation or a service.
FR Service Administrators
Operators add services to the Federation by submitting a request to a registration workflow. The registration workflow requires the service’s SAML specific configuration necessary for that service to participate in the federation. The FR Organisation administrator is responsible for approving registration requests. The individual submitting a registration for an Identity Provider or Service Provider becomes the administrator of that component. That administrator may appoint additional administrators and other contacts, but only to that service. The FR Service Administrators manage the following components:
- Identity Provider or Service Provider SAML configuration.
- Identity Provider or Service Provider administrators and delegate access.
Manage Service Administrators (IdP and SP)
To manage the administrators or contacts for an Identity Provider or Service Provider, access the FR Dashboard and select the service for which a user has administrative privileges. Select the Administrators or the Contact tab and perform the necessary user management activities.
A service’s administrators are principally responsible for maintaining the SAML-specific configuration details of their service in the Federation.
Dashboard view of a Service Provider details Overview tab.
Dashboard view of a Service Provider details Endpoints tab.
Dashboard view of a Service Provider details Requesting Attributes tab.
Organisation and service Contacts provide the AAF with a contact list for a selection of subscriber roles, including service desk, security contact and technical. These roles serve as the first point of contact for the AAF Support Team when necessary.
Register an Organisation
To register an Organisation, the subscriber's nominee submits a request to the AAF Support Team. The AAF evaluates the request, and on approval, an Organisation is created and the FR emails a unique code to the nominee. The nominee claims administrator access to their organisation by entering the code in the FR Dashboard. An Organisation registration in the Production Federation depends on an AAF Subscription Plan; typically, there is only one FR Organisation per real-world entity. New Organisation registrations in the Test Federation depend on AAF Support Team approval. Please discuss access to the Test Federation with the AAF Support Team before submitting a request. Additional details on Joining the AAF are available.
Register an Identity Provider or Service Provider
A new service registration starts from the FR landing page at https://manager.aaf.edu.au. A service owner submits a request linking the new service to an existing Organisation. That Organisation’s administrator will receive notification of the request. The AAF will evaluate the request, and on approval, the FR emails a unique code. The service owner claims their administrator access to the new service by supplying the unique code to the FR Dashboard.
The service registration process offers a wizard that automates the retrieval of a service’s public SAML metadata. When that metadata contains sufficient information, it completes the registration; otherwise, the service owner must provide and confirm the mandatory configuration information before submitting the request.
The number of services registered by an organisation should remain within the numerical limits of their subscription plan. When exceeded, an organisation must update its subscription before the AAF approves additional services.
New Registration workflow for Identity Providers and Service Providers.