If a you offer any access-restricted resources, joining the Service Provider Federation (SPF) and setting up a Service Provider (SP) is an interesting option. If not, this would be less useful.
Before you proceed, though, it is important that you critically assess the need to set up an SP. See this.
You can join the CLARIN SPF in the following stages.
You will be asked to sign the CLARIN Service Provider Federation Agreement, which states:
"A new party (= service provider) enters the Service Provider Federation upon signature of the accession document Annex 5 by the New Party and the Coordinating Party of the Service Provider Federation. Such accession shall have effect from the date identified in the accession document."
In brief, this means that the new party and the Coordinating Party (CLARIN ERIC) will sign a new Annex (= signature page) and this Annex will be attached to the original agreement deposited by the Coordinating Party.
Please complete the following steps:
- Fill in the yellow fields and sign document CE-2014-0309 (CLARIN Service Provider Federation Agreement) electronically.
- Send it by e-mail to firstname.lastname@example.org (and, if you prefer, by postal mail to CLARIN ERIC).
- CLARIN ERIC will sign the document as well, and will e-mail it back to you (and if you prefer send it by postal mail as well).
- Finally, CLARIN ERIC will sign specific agreements with all participating national Identity Federations on behalf of the new Service Provider (SP).
Therefore, in practice the Centre, the CLARIN ERIC and all Identity Federations have to sign.
After completing this stage, your Service Provider will be listed on the SPF overview page.
This stage requires that you complete the following steps:
- Set up a Service Provider.
- If you have a national Identity Federation, join it with both your SP and IdP.
- Then the SAML metadata of the new SP has to be distributed to each participating national Identity Federation. This is to be done by CLARIN ERIC's SPF administrators.
- Furthermore, the SAML metadata about all national Identity Federations' IdPs has to be included in the SAML metadata consumed by the SP, as specified in the SP's configuration. This is to be completed by your SP's operators.
- We finally have to verify that at least one IdP from each national Identity Federation can connect to the new SP. Please contact the SPF administrators.
For Identity Federations
1. Legal implementation
All the Parties have to sign the agreement with a new Identity Federation or give a power of attorney to CLARIN ERIC (Coordinating Party) to sign the agreement.
Therefore, in practice all SPs' operators, the CLARIN ERIC and the joining national Identity Federation have to sign.
2. Technical implementation
The following steps will be performed by the CLARIN ERIC's SPF administrators in cooperation with you:
- The SAML metadata about all of the SPF's production SPs has to be distributed to the joining national Identity Federation.
- Moreover, the SAML metadata about the joining national Identity Federation's IdPs has to be included in the SAML metadata consumed by each SPF production SP, as specified in the SPs' configurations.
- When that is done, we have to verify that at least one IdP from the joining national Identity Federation can connect to each of the SPF's production SPs.
If you want to access the SPF production SPs through your national Identity Federation, complete the following steps:
- First, make sure that you do have an Identity Federation.
- Next, make sure that your organization operates an Identity Provider connected to your Identity Federation. We need at least one person who can test authentication to one of our SPs with an account managed by your IdP. In case your organization does not operate an IdP, then it will have to create one and join your national Identity Federation.
- In case of problems, contact the SPF administrators.