Shib: clean up section on identity federations #2937
pdurbin committed Apr 19, 2016
1 parent adf1e34 commit 5edf6a3
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion doc/sphinx-guides/source/installation/shibboleth.rst
Expand Up @@ -178,7 +178,11 @@ Most Dataverse installations will probably only want to authenticate users via S
Identity Federation
+++++++++++++++++++

Rather than specifying individual Identity Provider(s) you may wish to broaden the number of users who can log into your Dataverse installation by registering your Dataverse installation as a Service Provider (SP) within a federation. For example, users from `hundreds of institutions registered with InCommon <https://incommon.org/federation/info/all-entities.html#IdPs>`_ will be able to log into your Dataverse installation if you register your Dataverse installation as one of the `thousands of Service Providers <https://incommon.org/federation/info/all-entities.html#SPs>`_ that are part of that federation. See http://www.protectnetwork.org/support/faq/identity-federations for a list of identity federations across the world. Rather than hard-coding all the Identity Providers (IdPs) in your ``dataverse-idp-metadata.xml`` file, you would periodically poll your identity federation for updates per https://spaces.internet2.edu/display/InCFederation/Metadata+Consumption and https://spaces.internet2.edu/display/InCFederation/Shibboleth+Metadata+Config#ShibbolethMetadataConfig-ConfiguretheShibbolethSP .
Rather than specifying individual Identity Provider(s) you may wish to broaden the number of users who can log into your Dataverse installation by registering your Dataverse installation as a Service Provider (SP) within an identity federation. For example, in the United States, users from `hundreds of institutions registered with the "InCommon" identity federation <https://incommon.org/federation/info/all-entities.html#IdPs>`_ will be able to log into your Dataverse installation if you register it as one of the `thousands of Service Providers registered with InCommon <https://incommon.org/federation/info/all-entities.html#SPs>`_.

The details of how to register with an identity federation are out of scope for this document, but a good starting point may be this list of identity federations across the world: http://www.protectnetwork.org/support/faq/identity-federations

One of the benefits of using ``shibd`` is that it can be configured to periodically poll your identify federation for updates as new Identity Providers (IdPs) join the federation you've registered with. For the InCommon federation, the following page describes how to download and verify signed InCommon metadata every hour: https://spaces.internet2.edu/display/InCFederation/Shibboleth+Metadata+Config#ShibbolethMetadataConfig-ConfiguretheShibbolethSP

.. _shibboleth-attributes:
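
Review bot: The third added paragraph has a typo, "periodically poll your identify federation", which should read "identity federation". In the same paragraph, metadata verification is mentioned only as something the linked InCommon page describes; since automatic polling means ``shibd`` will trust whatever IdPs appear in the downloaded file, consider stating directly in this guide that the SP must be configured to check the federation's signature on the metadata before accepting it. The rewrite also drops the Metadata+Consumption link and the mention of ``dataverse-idp-metadata.xml`` that the removed paragraph carried; if that is intentional, fine, otherwise keep one sentence telling readers that federation polling replaces hard-coding IdPs in that file. Finally, the protectnetwork.org link in the second added paragraph is plain ``http://``; use ``https://`` if the site serves it.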
