Wisconsin Federation: Configuring your Service Provider

This document will help you set up your service provider to integrate with the Wisconsin Federation.

Overview

Some web applications need to be accessed by users of other UW-System campuses (outside of UW-Madison). This document will outline the changes you need to make to your shibboleth2.xml to make your Service Provider (SP) work with the Wisconsin Federation (WiscFed) Identity Provider (IdP). You will also have to fill out an Identity Data Integration Request Form to access UW-System identity data.

Signing Certificate

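The signing certificate your SP needs, which the MetadataFilter in the MetadataProvider section uses to verify the signature on the federation metadata, can be retrieved at https://wayf.wisconsin.edu/metadata/wayf.wisconsin.edu-signing.pem.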

Session Initiator

<SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet">
    <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
    <SessionInitiator type="SAMLDS" URL="https://wayf.wisconsin.edu/DS/WAYF"/>
</SessionInitiator>

MetadataProvider

<MetadataProvider type="Chaining">
    <MetadataProvider type="XML"
                      uri="http://wayf.wisconsin.edu/metadata/wi-federation-metadata.xml"
                      backingFilePath="wayf.wisconsin.edu-wi-federation-metadata.xml"
                      reloadInterval="1800">
        <!-- Verifies the metadata signature against the signing certificate from the Signing Certificate section -->
        <MetadataFilter type="Signature" certificate="wayf.wisconsin.edu-signing.pem"/>
    </MetadataProvider>
</MetadataProvider>

AttributeExtractor

<AttributeExtractor type="XML" validate="true"
                    uri="http://wayf.wisconsin.edu/metadata/attribute-map.xml"
                    backingFilePath="wayf.wisconsin.edu-attribute-map.xml"
                    reloadInterval="1800"/>

Attribute Resolver

<AttributeResolver type="SimpleAggregation" attributeId="eppn" format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
    <Entity>https://aa.iam.wisconsin.edu/aa/shibboleth</Entity>
    <EntityReference>eduWisconsinSPVI</EntityReference>
</AttributeResolver>
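
The MetadataProvider and AttributeExtractor above both load a remote file on a 30-minute reload, but only the metadata carries a Signature filter. The following audit script is an added example, not part of the original page or of Shibboleth; it reports which remote resources are integrity-protected. The `<SPConfig>` wrapper, the `audit` and `local` names, and the finding strings are assumptions, and the check only looks for the `MetadataFilter type="Signature"` form shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's snippets wrapped in a hypothetical <SPConfig> root.
# A real shibboleth2.xml also declares a namespace, which local() strips.
SAMPLE = """<SPConfig>
  <MetadataProvider type="Chaining">
    <MetadataProvider type="XML"
        uri="http://wayf.wisconsin.edu/metadata/wi-federation-metadata.xml"
        backingFilePath="wayf.wisconsin.edu-wi-federation-metadata.xml"
        reloadInterval="1800">
      <MetadataFilter type="Signature" certificate="wayf.wisconsin.edu-signing.pem"/>
    </MetadataProvider>
  </MetadataProvider>
  <AttributeExtractor type="XML" validate="true"
      uri="http://wayf.wisconsin.edu/metadata/attribute-map.xml"
      backingFilePath="wayf.wisconsin.edu-attribute-map.xml" reloadInterval="1800"/>
</SPConfig>"""


def local(tag):
    """Return the element name without any {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (element, uri, finding) for every element that loads a remote uri."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        uri = el.get("uri")
        if uri is None:
            continue  # chaining wrappers and filters load nothing themselves
        name = local(el.tag)
        # Signed only if a direct child Signature filter names a certificate.
        signed = name == "MetadataProvider" and any(
            local(c.tag) == "MetadataFilter" and c.get("type") == "Signature"
            and c.get("certificate") for c in el)
        if signed:
            findings.append((name, uri, "ok: signature-verified"))
        elif uri.startswith("https://"):
            findings.append((name, uri, "ok: fetched over TLS"))
        else:
            findings.append((name, uri, "review: plain HTTP, no signature verification found"))
    return findings


if __name__ == "__main__":
    for name, uri, finding in audit(SAMPLE):
        print(f"{name:18} {finding:52} {uri}")
```

On the constructed sample the metadata is reported as signature-verified and the attribute map is flagged for review, because it is fetched over plain HTTP with nothing to detect tampering in transit.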