How to get my service connected

Contracts

For a service to use the WAYF federation, the service provider must sign a contract with WAYF. The contract is a personalised version of the WAYF standard contract. Before WAYF can personalise the contract, a purpose description for the service must be written and a few other pieces of information about it collected (see the check list below). These must be sent to the WAYF Secretariat.

The purpose of the service must be written to fit the template for service descriptions. Together with the formatted purpose description, the Secretariat needs to know which attributes the service wishes to receive from WAYF at log-in time in order to authorise the user, or for other relevant purposes. Go through the list of attributes and consider which of the attribute profiles fits the needs of the service.

When the WAYF Secretariat has gone through the purpose description and the wish for attributes, a contract will be drafted and sent to the person responsible. The contract must be signed in two copies and sent back to the WAYF Secretariat. When that has been done, the rest of the work is purely technical.

Check list:

  • Purpose of the service
  • Wish for attribute profile
  • Company name
  • The company's VAT number
  • The company's logotype

If you have any questions, please contact the Secretariat. Once the technical tests have been concluded, the production system can be updated with information about the new service.

Technical work

Technical connection to the service

WAYF is a SAML2 federation.

The Service Provider must comply with these technical requirements:

  • AuthnRequest must be sent via HTTP-POST or HTTP-Redirect bindings.
  • All AuthnRequests must be signed with a certificate complying with WAYF's certificate policy.
  • The Service Provider must be able to receive AuthResponse via HTTP-POST or HTTP-Redirect bindings.
  • The communication between WAYF and the Service Provider must be over HTTPS.
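
A local pre-check of the Service Provider's own metadata against the requirements listed above, run before registering it; this is an added example, not WAYF tooling. It assumes the requirements show up in the metadata as `AuthnRequestsSigned`, a signing `KeyDescriptor`, `AssertionConsumerService` bindings and `https` endpoint locations; `sp.example.org` and the sample XML are constructed, and the certificate policy itself is not evaluated.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
ALLOWED = {BINDINGS + "HTTP-POST", BINDINGS + "HTTP-Redirect"}

def check_sp_metadata(xml_text):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    root = ET.fromstring(xml_text)  # run on your own metadata, not untrusted XML
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element"]
    # Requirement: all AuthnRequests are signed.
    if sp.get("AuthnRequestsSigned", "false").lower() not in ("true", "1"):
        findings.append("AuthnRequestsSigned is not true")
    keys = sp.findall("md:KeyDescriptor", NS)
    if not any(k.get("use") in (None, "signing") for k in keys):
        findings.append("no signing KeyDescriptor")
    # Requirement: responses are received via HTTP-POST or HTTP-Redirect.
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    for ep in acs:
        if ep.get("Binding") not in ALLOWED:
            findings.append("ACS binding not allowed: %s" % ep.get("Binding"))
    # Requirement: all communication with WAYF is over HTTPS.
    for ep in sp.iter():
        loc = ep.get("Location")
        if loc is not None and urlparse(loc).scheme.lower() != "https":
            findings.append("endpoint not HTTPS: %s" % loc)
    return findings

# Constructed sample metadata; sp.example.org is a placeholder, KeyInfo is omitted.
GOOD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:AssertionConsumerService index="0" Location="https://sp.example.org/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
BAD = (GOOD.replace('AuthnRequestsSigned="true"', 'AuthnRequestsSigned="false"')
           .replace("HTTP-POST", "HTTP-Artifact")
           .replace("https://sp.example.org/saml/acs", "http://sp.example.org/saml/acs"))

if __name__ == "__main__":
    print(check_sp_metadata(GOOD), check_sp_metadata(BAD))
```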

Certificate requirements

See WAYF's certificate policy.

Self-service portal

Once the Service Provider has installed its SAML2 software, it should register as a user at WAYF's self-service portal. One registers a mail address and then receives an access token by e-mail. The metadata for the service can then be registered in the self-service portal. Once the metadata has been registered in the portal, it is known to WAYF's test environment within 5 minutes. The service provider must in turn register WAYF's metadata as an IdP wherever its SAML2 software expects this.

WAYF would like to get feedback on what could be enhanced in the self-service portal.

WAYF Secretariat
2 H.C. Andersens Boulevard
DK-1553 Copenhagen V
Denmark

www.wayf.dk
sekretariat@wayf.dk
