Reference Service Provider

From GFIPM Implementation Wiki


In addition to deploying reference IDPs, GTRI has also deployed two reference SPs in the GFIPM Reference Federation. Both SPs are based on the Shibboleth 2.x implementation of SAML 2.0. As with the reference IDPs, one of the reference SPs was deployed on a Microsoft Windows platform and the other on RHEL. Again, as with the reference IDPs, there is no functional difference between a Shibboleth SP running on Windows and one running on RHEL; however, the deployment processes on the two platforms differ enough to merit working through and documenting each separately. During and after the deployment process, GTRI created a detailed set of instructions for deploying a Shibboleth SP on each platform.

The integration work required for an SP involves setting up the SP to provide protected access to sensitive resources. During the deployment of the reference SPs, GTRI created some simple HTML and PHP pages to serve as protected resources. These pages serve two important purposes. First, they help participants debug various problems with their IDPs at the SAML configuration level. Second, they allow for careful inspection of the GFIPM user metadata that an IDP sends to a reference SP. This feature has been very valuable in helping participants identify and correct problems related to the generation of metadata by their IDPs.

As with the reference IDPs, participants have found the reference SPs to be useful during the deployment process for their infrastructure. Participants are able to test their IDPs by attempting to access resources on the reference SPs.

Some of the current participants continue to maintain reference SPs online within the GFIPM Reference Federation on a full- or part-time basis. For example, CISA maintains a reference SP for its testing use. The CISA reference SP provides links to test resources and can also be used to test the user metadata from another participant's IDP. Reference SPs from other participants may occasionally be available in the GFIPM Reference Federation. When available, these SPs can be used by the users of any participant with a referenced IDP or by using the GFIPM Reference IDP.

