For a Shibboleth Identity Provider to join one of the Tuakiri Federations (Test/Dev or Pilot/Production), the following steps have to be done:

There will be two federations available:

Federation Details

Federation name


Tuakiri TEST

Metadata name

Metadata distribution point

Metadata signing certificate

Federation Registry URL

Discovery Service / WAYF URL

Registering an IdP into the Federation Registry

Go to the respecting Federation Registry URL and:

Configuring your IdP to load the federation metadata:

The code snippets in this section have values for Tuakiri TEST/DEV federation. Please update them accordingly as per the table above - which boils down to removing the "test" component from the file names / URLs in all of the cases.

NOTE: Check what your IdP home directory is: the directory is typically called shibboleth-idp - and on Debian and Ubuntu systems, it's commonly /usr/local/shibboleth-idp, while on RedHat and CentOS it's /opt/shibboleth-idp. The snippets below are referring to the IdP home directory as $IDP_HOME

Now your IdP should be able to access service provides within the Tuakiri (Test/Dev) federation.