Shibboleth

Haplo is a member of a number of Shibboleth federations. The details of our Service Provider (SP) in each federation are listed below.

To allow us to authenticate your users, you may need to configure your Identity Provider (IdP) to release appropriate claims to the Haplo SP. See the instructions for your federation below.

The identifier required is the unique identifier for each person in the user feed, and is most likely the username, but sometimes institutions use an email address.

After you have set up your IdP, please send an email to your Haplo contact with:

Which federation you are using.
Your IdP’s entityId.
The claims you have released.

Provision of a test account will speed up testing and deployment. Please provide details by clicking Send secret… in your project room.

UK Federation

The UK Federation authenticates users at UK education and research institutions.

ID	`uk003431`
entityId	`http://shib1.haplo-services.net/shibboleth`

By default, the UK Federation does not send any identifying claims to Service Providers. You must configure your IdP to release the appropriate identifier.

Note that the UK Federation uses http: URLs for entityIds, but the service is only available over https:.

SURFconext (The Netherlands)

SURFconext offers Single Sign On access for educational and research institutions in The Netherlands

ID	Haplo
entityId	`http://shib2.haplo-services.net/shibboleth`

With SURFconext, all claims are explicit and need to be authorised. By default, we request email, principalname, and epsa.

Tuakiri (New Zealand)

Tuakiri is New Zealand’s federated identity management service.

ID	`363`
entityId	`https://shib11.haplo-services.net/shibboleth`

Tuakiri provides a default attribute list to IdPs. If you use this list, then your IdP will identify the username and email address of your users, which is likely to be sufficient.

If you do not use the default attribute list, or you use a different identifier within the user feed, then you will need to manually configure your IdP.