How to get your metadata included in eduGAIN
The process for adding an SP's or IdP's metadata to eduGAIN varies from federation to federation, so it is recommended to check your local federation's instructions first. In general, the necessary steps are:
- Generate entity metadata that conforms to the eduGAIN Metadata Profile by using the eduGAIN Metadata Templates (SAML 2.0 compliant) provided here or, if your organisation still uses the deprecated SAML 1.x standard, ensure that your entity's metadata has at least one SAML2 endpoint.
- Validate the entity metadata with the eduGAIN Metadata Validation tool.
- Contact your federation and communicate your intention to join eduGAIN.
Generate eduGAIN Metadata
In some federations, metadata does not have to be generated manually; instead, you fill in web forms that generate the metadata automatically from the entered values.
If you have to provide metadata yourself for your entity, have a look at the examples and template metadata files below. They can serve as a starting point that makes the generation a bit easier.
- eduGAIN Metadata Template for Identity Provider (basic idp metadata example, rich idp metadata example)
- eduGAIN Metadata Template for Service Provider (basic sp metadata example, rich sp metadata example)
The most common SAML implementations (Shibboleth, SimpleSAMLphp) also generate some basic metadata automatically.
- For Shibboleth
  - SP: Access https://###YOUR.SP.FQDN###/Shibboleth.sso/Metadata
  - IdP: Access https://###YOUR.IDP.FQDN###/idp/profile/Metadata/SAML
- For SimpleSAMLphp
  - SP: Access https://###YOUR.SP.FQDN###/simplesaml/module.php/saml/sp/metadata.php/###SP_AUTHN_SOURCE_NAME###
  - IdP: Access https://###YOUR.IDP.FQDN###/simplesaml/saml2/idp/metadata.php
The metadata generated by these SAML implementations includes only technical values. It does not contain any organizational values, nor, for example, a name, a description or the attributes that are requested. This information has to be added manually.
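To see what still has to be added by hand, the following added example (not part of the original page and not the eduGAIN validator's own logic) lists which of the values named above are absent from a single entity's metadata. The mapping of those values to md:Organization, mdui:UIInfo and md:RequestedAttribute elements, the function name missing_values and the sp.example.org sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML2_BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

def _has_text(parent, path):
    """True if any element at `path` below `parent` carries non-blank text."""
    return any((e.text or "").strip() for e in parent.findall(path, NS))

def missing_values(xml_text):
    """Return the sorted list of checked items absent from one EntityDescriptor."""
    entity = ET.fromstring(xml_text)  # assumption: your own, trusted metadata
    if entity.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("expected a single md:EntityDescriptor document")
    idps = entity.findall("md:IDPSSODescriptor", NS)
    sps = entity.findall("md:SPSSODescriptor", NS)
    missing = set()
    # SAML2 endpoint: a role listing the SAML 2.0 protocol with a SAML 2.0 binding.
    if not any(SAML2_PROTOCOL in r.get("protocolSupportEnumeration", "").split()
               and any(e.get("Binding", "").startswith(SAML2_BINDINGS) for e in r)
               for r in idps + sps):
        missing.add("SAML2 endpoint")
    # Organizational values live directly under the entity.
    for name in ("OrganizationName", "OrganizationDisplayName", "OrganizationURL"):
        if not _has_text(entity, "md:Organization/md:" + name):
            missing.add("md:" + name)
    for role in idps + sps:  # name and description: MDUI extensions per role
        for name in ("DisplayName", "Description"):
            if not _has_text(role, "md:Extensions/mdui:UIInfo/mdui:" + name):
                missing.add("mdui:" + name)
    for role in sps:  # only an SP declares which attributes it requests
        if not role.findall("md:AttributeConsumingService/md:RequestedAttribute", NS):
            missing.add("md:RequestedAttribute")
    return sorted(missing)

# Constructed sample: an SP with technical values only, as auto-generated.
GENERATED_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for item in missing_values(GENERATED_SP):
        print("missing:", item)
```

An empty result only means these values are present; the validation step below is still what checks the metadata against the eduGAIN requirements.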
Validate entity metadata
This step may also be unnecessary if your local federation uses a federation registry that generates and publishes the metadata in eduGAIN for you.
- Go to: eduGAIN Metadata Validation Tool
- Paste your entity's metadata URL into the textbox called "Federation's metadata URL"
- Select your language tag (or skip it)
- Tick the checkboxes labelled "Metadata URL contains only one entity" and "Check for Debian weak keys".
- Click the "Validate" button.
Contact your Federation
Finally, contact your federation and communicate your intention to join eduGAIN: eduGAIN members. In some federations, it is sufficient to send an email to the federation helpdesk and ask them to publish the metadata for eduGAIN. In other federations, the federation registry allows an administrator to tick a checkbox to achieve the same.