How to Deploy a GFIPM Identity Provider in an Operational Federation

From GFIPM Implementation Wiki
This article describes how to deploy a GFIPM Identity Provider (IDP) in an operational federation so that it is connected to, and interoperates with, that federation's GFIPM trust fabric.

During your deployment in the test environment, you were able to use all of the test environment's resources. If you are now deploying your IDP in the NIEF operational federation, the equivalent production resources are:

  • Publicly accessible information about NIEF is available at [1].
  • The NIEF Trust Fabric document is located at [2].

Note that there are no "test" IDPs or SPs in an operational federation such as NIEF. The operational federation contains live data, and test identities should never be used within it.

Any new IDP must be "connected" to NIEF (or your own operational GFIPM federation) by adding the IDP to the federation's trust fabric. The trust fabric update process consists of these steps:

  1. Provide your IDP's entity metadata to the federation manager.
  2. The federation manager adds the new entity to the federation trust fabric.
  3. All participants load the new federation trust fabric into their IDPs and SPs. Until a participant has loaded the updated trust fabric, that participant's SPs will not recognize (and must not trust) your IDP, so do not expect federation-wide connectivity the moment the federation manager publishes the update.
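The following is an added example, not code from the GFIPM wiki or from NIEF's tooling. It models steps 1 through 3 as the checks an operator and a federation manager would run on the metadata involved: the IDP operator validates that the entity metadata handed over in step 1 describes an IDP with TLS-protected endpoints and a usable signing certificate, the federation manager's step 2 refuses to add malformed or duplicate entities to the trust fabric (a SAML 2.0 EntitiesDescriptor), and a participant's step 3 confirms the new entity is present in the fabric it is about to load. The entityIDs, endpoint URLs and certificate blob below are constructed placeholders; the example does not verify the XML signature that a real trust fabric carries, which you must still do with your SAML stack before loading it.

```python
"""Metadata sanity checks around a GFIPM trust fabric update (added example).

Assumptions (not from the wiki): the trust fabric is a SAML 2.0
md:EntitiesDescriptor and the IDP's entity metadata is one md:EntityDescriptor.
Sample XML below is constructed for this demo; entityIDs, URLs and the
certificate are placeholders. XML signature verification is out of scope here.
"""
import base64
import binascii
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample: the entity metadata an IDP operator submits (step 1).
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example-agency.gov/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{base64.b64encode(b"placeholder-cert").decode()}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example-agency.gov/idp/SSO"/>
  </md:IDPSSODescriptor>
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example-agency.gov/idp/AA"/>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""

# Constructed sample: the current trust fabric, holding one partner SP.
TRUST_FABRIC = f"""<md:EntitiesDescriptor xmlns:md="{MD}" Name="urn:example:trust-fabric">
  <md:EntityDescriptor entityID="https://sp.partner.example/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.partner.example/sp/ACS" index="0"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def validate_idp_metadata(xml_text):
    """Return a list of problems with an IDP's entity metadata; [] means it passes."""
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    if not root.get("entityID", "").startswith("https://"):
        problems.append("entityID missing or not an https URI")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no md:IDPSSODescriptor (is this really an IDP?)")
        return problems
    # SPs will redirect users to these endpoints; they must be TLS-protected.
    sso = idp.findall("md:SingleSignOnService", NS)
    if not sso:
        problems.append("IDPSSODescriptor has no SingleSignOnService endpoint")
    for endpoint in sso:
        loc = endpoint.get("Location", "")
        if not loc.startswith("https://"):
            problems.append(f"SingleSignOnService Location is not https: {loc!r}")
    # A signing certificate is what lets SPs verify this IDP's assertions.
    # A KeyDescriptor with no 'use' attribute covers signing and encryption.
    signing = [k for k in idp.findall("md:KeyDescriptor", NS)
               if k.get("use", "signing") == "signing"]
    if not signing:
        problems.append("no signing KeyDescriptor")
    for key in signing:
        cert = key.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            problems.append("signing KeyDescriptor lacks ds:X509Certificate")
            continue
        try:
            base64.b64decode("".join(cert.text.split()), validate=True)
        except binascii.Error:
            problems.append("X509Certificate is not valid base64")
    return problems


def entity_ids(fabric_xml):
    """entityIDs present in a trust fabric, in document order."""
    return [e.get("entityID")
            for e in ET.fromstring(fabric_xml).findall("md:EntityDescriptor", NS)]


def add_to_trust_fabric(fabric_xml, entity_xml):
    """Federation manager's step 2: append a validated entity, rejecting duplicates."""
    problems = validate_idp_metadata(entity_xml)
    if problems:
        raise ValueError("refusing to add IDP: " + "; ".join(problems))
    fabric = ET.fromstring(fabric_xml)
    if fabric.tag != f"{{{MD}}}EntitiesDescriptor":
        raise ValueError("trust fabric root is not md:EntitiesDescriptor")
    entity = ET.fromstring(entity_xml)
    if entity.get("entityID") in entity_ids(fabric_xml):
        raise ValueError(f"entityID already in trust fabric: {entity.get('entityID')}")
    fabric.append(entity)
    return ET.tostring(fabric, encoding="unicode")


def fabric_contains(fabric_xml, entity_id):
    """Participant's step 3 check: is the new IDP in the fabric I am about to load?"""
    return entity_id in entity_ids(fabric_xml)


if __name__ == "__main__":
    print("IDP metadata problems:", validate_idp_metadata(IDP_METADATA))
    updated = add_to_trust_fabric(TRUST_FABRIC, IDP_METADATA)
    print("fabric now lists:", entity_ids(updated))
    print("partner sees new IDP:", fabric_contains(updated, "https://idp.example-agency.gov/idp"))
```

Run it as a script to see the checks on the constructed sample. The validator is deliberately a pre-flight check, not a substitute for your SAML software's own metadata loading: in production, verify the federation manager's signature over the fabric, and note that `add_to_trust_fabric` re-serializes the document, which would invalidate any existing enveloped signature, so the manager re-signs after this step.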

Before or during your deployment, you must also fill out an Implementation Documentation Form for your IDP and submit it to the federation manager as part of the membership application process. A template of this form is available from the federation manager. The form requests the following information:

  • IDP software platform details (OS, Web server, SAML software)
  • User authentication endpoint details
  • User attribute endpoint details
  • Network configuration notes

Your ability to test your IDP in the operational federation will be limited because the operational federation has no test SPs. Under the usage policies of most SPs in an operational federation, only real users with real identities (valid user data, permissions, and privileges) are permitted to use, and therefore to test, the operational systems. When executing your IDP's test plan in the operational federation, you must therefore perform the necessary tests with real users from your organization and from partner organizations, and those users must hold the actual privileges each test exercises. As before, write a test report and distribute it within your organization and to all testing partners.
