Hints for Identity Providers (IdP)

How to join Helmholtz AAI as an IdP

Helmholtz AAI supports all IdPs from eduGAIN.

In order to collaborate and join as an identity provider, please join your national federation and participate eduGAIN.

The mandatory information about the attributes consumed by the Helmholtz AAI, besides the federation metadata, are documented here in the attributes section.

---

Configuration of Shibboleth 4 IdP for Attribute Query

Warning

This information is preliminary. The documentation will be completed as soon as possible.

This is a collection of configuration files technically needed for Attribute Query response in Shibboleth 4.

For general Shibboleth configuration, see also DFN Documentation .

Specifics for Shibboleth 4

• Exemplary configuration files are deposited below.
• schacUserStatus.properties must be located in conf/attributes/custom/.
• Implementation of schacUserStatus in attribute-resolver.xml is based on Active Directory as LDAP-Backend and uses the UserAccountControl attribute. This needs to be handled differently when using OpenLDAP! (See example attribute-resolver.xml in DFN Documentation.)
• There is an example for a CERN Login in relying-party.xml, maybe it helps for understanding.

Configuration Files

• attribute-filter.xml
• attribute-resolver.xml
• relying-party.xml
• schacUserStatus.properties

Questions?

If you have further questions, please contact support@hifis.net.