Home » FIM Setup

FIM Setup


CANARIE is pleased to announce the addition of ADFSToolkit functionality to the Canadian Access Federation (CAF) Federated Identity Management (FIM) service. CANARIE and its partners have been working on a set of tools to augment existing ADFS Identity Provider installations. This set of tools is published by CANARIE as a Powershell module called ADFSToolkit, in […]

blog arrowDate: February 15, 2018

Common Settings and URLs for FIMS Services

Production and Test Environments CANARIE’s FIM has two environments: Production environment for production facing services and high availability profile Test environment for non-production services with a best effort availability profile Your IdP or SP can participate in either or both environments as long as the operation of the IdP or SP complies with the most […]

blog arrowDate: September 19, 2017

Critical Configuration Policies

Configuring your Identity Provider or Service Provider is critical to the operation and security of the federation. The reference FIMS software and the CANARIE IdP installer  are capable of adhering to these elements. Other software may not be. In cases where your chosen platform cannot meet these requirements, steps should be taken to mitigate the […]

blog arrowDate: August 5, 2017

Common IdP and SP Configuration Settings

Common steps for both the Shibboleth IdP and SP are to fetch the FIMS Signing Key and to also configure Production and or Test aggregate fetching and validation.  These steps shape the foundation for the base configurations in CAF, which may branch into more in-depth information and links. Fetching FIMS Signing Key Fetch the certificate […]

blog arrowDate: July 13, 2017

Reference Shibboleth IdP Configuration Settings

Configuring the Shibboleth IdP to Load and Validate metadata If you are using the IdP-Installer, this is automatically configured for you and you can skip this section. Recommended reading and authoritative reference for IdP metadata configuration can be found here: https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration Adding FIMS Production Aggregates to the Shibboleth IdP To add the FIMS Production aggregates […]

blog arrowDate: June 15, 2017

Reference Shibboleth SP Configuration Settings

Configuring the Shibboleth Service Provider to load metadata The Shibboleth Service provider can be downloaded from the Shibboleth site for Unix or Windows platforms. The instructions that follow are for basic configuration and encourage review of the recommended readings for more detail. Recommended reading for Service Providers: For installation For metadata configuration Adding FIMS Production […]

blog arrowDate: June 7, 2017

About Microsoft ADFS Configuration with FIMS

FIMS will accept ADFS SAML2 compliant metadata but cannot support ADFS to the same level as the Shibboleth reference implementation. If ADFS is going to be used, we recommend: Reviewing the known limitations of ADFS that have been documented here as well as by other federations:  https://www.ukfederation.org.uk/content/Documents/ADFS Understanding and planning for mitigation of the possible […]

blog arrowDate: April 20, 2017