ServiceProviderManager
Please note:
During the introduction phase of the ServiceProviderManager, please be careful with advanced configuration options (EntityAttributes, SPSSODescriptor, etc.). Please report ServiceProviders that are no longer required to the IT-ServiceDesk. Currently, your changes will be transferred to the running configuration of the IdentityProvider after manual approval.
The ServiceProviderManager (SPM) is used to manage local RWTH services that are connected to the RWTH IdentityProvider (IdP) and authenticate their users via RWTH Single Sign-On. Each ServiceProvider is assigned to an RWTH organization that operates or is responsible for the service. The SPM allows the respective organizations to maintain basic information about their services themselves and to view the configuration.
Access
Access is granted via the “RWTH SSO Service Provider Administration” role of the organizational unit to which the service provider is assigned. The role can only be assigned by organizations that have registered a service provider. It is activated by the role owners as part of the registration process.
Organizations that operate a large number of service providers have the option of delegating the administration of service providers by assigning groups from the role and group administration (Service Provider Overview -> Edit -> Organization -> Groups).
Public view
The SPM provides a public directory of all local services connected to the RWTH IdP. In addition, you will find all DFN AAI services for which special attribute activations exist at RWTH. This is where you will find the relevant contact persons if you have any questions about the usability of a service.
View for holders of the role “Administration RWTH SSO ServiceProvider” or persons with group authorizations
Once you have logged in to SPM, you will only see the service providers of the organizations for which you either have the appropriate role or for which there is an assignment to a group of which you are a member.
Regardless of whether you are authorized via a role or group, you have access to all editing options for the respective service provider.
Some entries, such as status, federation membership, EntityID, and organization assignment, cannot be changed by you. If there is an error in this data, please contact the IT Service Desk.
Each group member can add additional groups of the respective organization and thus authorize them, but cannot remove their own group. A member of one of the other (newly) assigned groups can remove the original owner group if required.
KeyDescriptor
Here you can enter the SSL certificate that secures communication between your service provider and the RWTH IdentityProvider.
Contact Person
Here, you must enter at least one contact of the type “administrative.” The contacts are part of the public view. Please ensure that users of your service can reach you via this contact.
Attribute filter
Here you can find the attributes of users from Identity Management that have been activated for your service provider.