Distribution process
Currently there is no standardized approach for this across identity federations, so CLARIN ERIC has settled on the following workflow:
- Make sure your Service Provider is listed in the Centre Registry (if not: contact spf@clarin.eu).
- Add your SAML metadata to the CLARIN SPs metadata repository on github as explained here (“I have a CLARIN Service Provider.”).
CLARIN ERIC, as the Coordinating Party, will then take care of the registration with all identity federation’s systems:
- DFN-AAI: via a web interface (support by e-mail: hotline /at/ aai.dfn.de). Special comment: DFN-AAI will export the SAML metadata of the CLARIN SPF SPs to eduGAIN after metadata checks. Therefore, should be treated as the first identity federation to register new SPs with.
- ACOnet: their IdPs will accept our SPs as they monitor our production SPF SPs SAML metadata file and incorporate it in their federation metadata.
- RCTSaai: their IdPs will accept our SPs as they monitor our production SPF SPs SAML metadata file and incorporate it in their federation metadata.
- eduID.cz: their IdPs will accept our SPs if they are in eduGAIN.
- Haka/Kalmar Union: their IdPs will accept our SPs if they are in eduGAIN.
- SWAMID: their IdPs will accept our SPs if they are in eduGAIN.
- UK Federation: their IdPs will accept our SPs if they are in eduGAIN.
- SURFconext: by way of an e-mail to surfconext-beheer /at/ surfnet.nl with reference to the production SPF SPs SAML metadata file.
- Belnet: via a web interface (support by e-mail: servicedesk /at/ belnet.be).
Signing certificate
Our main SAML metadata batches are signed. You can verify them using the X.509 certificate file ( SPF_signing_pub.crt, spf_signing_pub-2020-2025.crt).