For a Shibboleth Identity Provider to join one of the Tuakiri Federations (Test/Dev or Production), the following steps have to be done:

There are two federations available, both fully operational:

We recommend first registering a Test system into Tuakiri-TEST and after successful testing, register a production-ready system into Tuakiri Production.

Federation Details

Federation name

Tuakiri Production

Tuakiri TEST

Metadata name

tuakiri.ac.nz

test.tuakiri.ac.nz

Metadata distribution point

https://directory.tuakiri.ac.nz/metadata/tuakiri-metadata-signed.xml

https://directory.test.tuakiri.ac.nz/metadata/tuakiri-test-metadata-signed.xml

Metadata signing certificate

https://directory.tuakiri.ac.nz/metadata/tuakiri-metadata-cert.pem

https://directory.test.tuakiri.ac.nz/metadata/tuakiri-test-metadata-cert.pem

Federation Registry URL

https://registry.tuakiri.ac.nz/federationregistry/

https://registry.test.tuakiri.ac.nz/federationregistry/

Discovery Service / WAYF URL

https://directory.tuakiri.ac.nz/ds/DS

https://directory.test.tuakiri.ac.nz/ds/DS

Registering an IdP into the Federation Registry

Go to the respecting Federation Registry URL and:

ECP support

If supporting ECP, advertise also your ECP SSO EndPoint: in the Federation Registry registrtion for your IdP:

The IdP also needs to be configured to support ECP

Configuring your IdP to load the federation metadata:

The code snippets in this section have values for Tuakiri Production federation. Please update them accordingly as per the table above if configuring your IdP to join the Tuakiri TEST/DEV federation. (The key code snippets are for convenience given in Appendix B - Tuakiri-TEST Federation below.

NOTE: Check what your IdP home directory is: the directory is typically called shibboleth-idp - and on Debian and Ubuntu systems, it's commonly /usr/local/shibboleth-idp, while on RedHat and CentOS it's /opt/shibboleth-idp. The snippets below are referring to the IdP home directory as $IDP_HOME

Configure attribute release/filtering through the federation:

Now your IdP should be able to access service provides within the Tuakiri (Test/Dev) federation.

Appendix A - Alternative implementation

See here: Fetching Metadata and Attribute Filter and caching them locally 

Appendix B - Tuakiri-TEST Federation

This section gives the variants of the commands to be used when configuring the IdP to join the Tuakiri-TEST Federation (instead of Tuakiri Production).