For a Shibboleth Identity Provider to join one of the Tuakiri Federations (Test/Dev or Pilot/Production), the following steps have to be done:

There will be two federations available:

Federation Details

| Federation name | Tuakiri | Tuakiri TEST |
|---|---|---|
| Metadata name | tuakiri.ac.nz | test.tuakiri.ac.nz |
| Metadata distribution point | https://directory.tuakiri.ac.nz/metadata/tuakiri-metadata-signed.xml | https://directory.test.tuakiri.ac.nz/metadata/tuakiri-test-metadata-signed.xml |
| Metadata signing certificate | https://directory.tuakiri.ac.nz/metadata/tuakiri-metadata-cert.pem | https://directory.test.tuakiri.ac.nz/metadata/tuakiri-test-metadata-cert.pem |
| Federation Registry URL | https://registry.tuakiri.ac.nz/federationregistry/ | https://registry.test.tuakiri.ac.nz/federationregistry/ |
| Discovery Service / WAYF URL | https://directory.tuakiri.ac.nz/ds/DS | https://directory.test.tuakiri.ac.nz/ds/DS |

Registering an IdP into the Federation Registry

Go to the respective Federation Registry URL and:

Configuring your IdP to load the federation metadata:

The code snippets in this section have values for the Tuakiri (Pilot) federation. If you are configuring your IdP to join the Tuakiri TEST/DEV federation, update them as per the table above. (For convenience, the key code snippets are given in Appendix A - Tuakiri-TEST Federation below.)

NOTE: Check what your IdP home directory is. The directory is typically called shibboleth-idp; on Debian and Ubuntu systems it's commonly /usr/local/shibboleth-idp, while on RedHat and CentOS it's /opt/shibboleth-idp. The snippets below refer to the IdP home directory as $IDP_HOME.
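A pre-flight check for a downloaded metadata aggregate, added here as an example (not code from the original page or from Shibboleth): it catches a Pilot/TEST mix-up by comparing the aggregate's Name with the table's metadata name, and flags unsigned or stale files. It assumes the table's "Metadata name" is the EntitiesDescriptor Name attribute; check_aggregate, the 14-day limit and the sample documents are constructed for illustration. The signature itself must still be verified against the federation's metadata signing certificate.

```python
"""Structural pre-flight check of a federation metadata aggregate (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def check_aggregate(xml_bytes, expected_name, now, max_validity=timedelta(days=14)):
    """Return a list of problems; an empty list means the structural checks passed.
    This does NOT verify the XML signature cryptographically."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    # Assumption: the table's "Metadata name" is the aggregate's Name attribute.
    name = root.get("Name")
    if name != expected_name:
        problems.append(f"Name is {name!r}, expected {expected_name!r}")
    # A signed aggregate carries ds:Signature as a direct child of the root.
    if root.find(f"{{{DS}}}Signature") is None:
        problems.append("no ds:Signature on the root element")
    valid_until = root.get("validUntil")
    if valid_until is None:
        problems.append("validUntil is missing")
    else:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # treat a zone-less timestamp as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            problems.append("metadata has expired")
        elif expiry - now > max_validity:
            problems.append("validUntil is further ahead than max_validity")
    return problems

# Constructed samples, not real federation metadata.
def sample(name, valid_until, signed=True):
    sig = f'<ds:Signature xmlns:ds="{DS}"/>' if signed else ""
    return (f'<md:EntitiesDescriptor xmlns:md="{MD}" Name="{name}" '
            f'validUntil="{valid_until}">{sig}</md:EntitiesDescriptor>').encode()

NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)  # fixed clock for the demo
GOOD = sample("tuakiri.ac.nz", "2030-01-08T00:00:00Z")
WRONG_FED = sample("test.tuakiri.ac.nz", "2030-01-08T00:00:00Z")
STALE = sample("tuakiri.ac.nz", "2029-12-25T00:00:00Z", signed=False)

if __name__ == "__main__":
    for label, doc in [("good", GOOD), ("wrong federation", WRONG_FED), ("stale", STALE)]:
        print(label, check_aggregate(doc, "tuakiri.ac.nz", NOW))
```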

Configure attribute release/filtering through the federation:

Now your IdP should be able to access service providers within the Tuakiri (Test/Dev) federation.

Appendix A - Tuakiri-TEST Federation

This section gives the variants of the commands to be used when configuring the IdP to join the Tuakiri-TEST Federation (instead of Tuakiri Pilot).