Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Included language indicating that test environments are required.

...

Departments wishing to integrate with MyAccess will need a variety of staff to support migration efforts and maintain the integrations over time. If a department does not have internal staff with the necessary skills to support a SAML Service Provider, it must contract with an outside system administration service.  Additionally, any application that is to integrated with the production MyAccess login system must have a separate test environment in which any changes or updates to the application can be tested before being moved into the production environment.

The section below describes specific Service Provider responsibilities and who typically performs the work.

Responsibility

Staff

Shibboleth SAML Integration Project Management

Application owner/department

Determining data needs

Application owner/department

Submitting data release requests, including to other institutions when federation is appropriate

Application owner, IAM Team

Installing, configuring, upgrading and maintaining over time all server-side software need to run Shibbolethby the application

Departmental system administrators

Providing a Service Provider test environment so that software patches and upgrades can be adequately tested prior to release in production

Application owner

Monitoring of the Shibboleth SAML compatible service to ensure it is running

Departmental system administrators

Identifying, troubleshooting, testing, and resolving issues (including multiple servers, load balancers, database setups, etc.)

Departmental system administrators, departmental developers, IAM team in a consulting role

Developing and sending communications to end users

Application owner/department

Providing a point of contact for end users experiencing problems

Application owner/department

...

  1. Become well versed in how MyAccess/Shibboleth the SAML process works. The Identity and Access Management team can provide traininggeneral documentation on this.
  2. Join the If using the Shibboleth SP software, join the Internet2 Shibboleth user users mailing list and post questions when there are issues.
  3. Proactively monitor the Shibboleth SP process (not applicable for SimpleSAMLphp)SAML compatible process.
  4. Run a non-production Shibboleth version of the SP to test patches and be familiar with the related software update processprocesses. For example, various Linux distributions behave differently when the Shibboleth SP software is updated.