FIM Setup

Federation Operator Practice: Metadata Registration Practice Statement

This template document is licensed under Creative Commons CC BY 3.0. You are free to share, re-use and adapt this template as long as attribution is given. This document draws on work carried out by the UK Access Management Federation and the ACOnet Identity Federation with gratitude. 1. Definitions and Terminology The key words “MUST”, […]

Date: March 18, 2019


ADFSToolkit

CANARIE is pleased to announce the addition of ADFSToolkit functionality to the Canadian Access Federation (CAF) Federated Identity Management (FIM) service. CANARIE and its partners have been working on a set of tools to augment existing ADFS Identity Provider installations. This set of tools is published by CANARIE as a PowerShell module called ADFSToolkit, in […]

Date: February 15, 2018


Common Settings and URLs for FIM Services

Production and Test Environments CANARIE’s FIM has two environments: Production environment for production facing services and high availability profile Test environment for non-production services with a best effort availability profile Your IdP or SP can participate in either or both environments as long as the operation of the IdP or SP complies with the most […]

Date: September 19, 2017


Critical Configuration Policies

Configuring your Identity Provider or Service Provider is critical to the operation and security of the federation. The reference FIM software and the CANARIE IdP installer are capable of adhering to these elements. Other software may not be. In cases where your chosen platform cannot meet these requirements, steps should be taken to mitigate the […]

Date: August 5, 2017


Common IdP and SP Configuration Settings

Common steps for both the Shibboleth IdP and SP are to fetch the FIM Signing Key and to configure Production and/or Test aggregate fetching and validation. These steps shape the foundation for the base configurations in CAF, which may branch into more in-depth information and links. Fetching FIM Signing Key Fetch the certificate […]

Date: July 13, 2017


Reference Shibboleth IdP Configuration Settings

Configuring the Shibboleth IdP to Load and Validate metadata If you are using the IdP-Installer, this is automatically configured for you and you can skip this section. Recommended reading and authoritative reference for IdP metadata configuration can be found here: https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration Adding FIM Production Aggregates to the Shibboleth IdP To add the FIM Production aggregates […]

Date: June 15, 2017


Reference Shibboleth SP Configuration Settings

Configuring the Shibboleth Service Provider to load metadata The Shibboleth Service provider can be downloaded from the Shibboleth site for Unix or Windows platforms. The instructions that follow are for basic configuration and encourage review of the recommended readings for more detail. Recommended reading for Service Providers: For installation For metadata configuration Adding FIM Production […]

Date: June 7, 2017


About Microsoft ADFS Configuration with FIM

FIM will accept ADFS SAML2 compliant metadata but cannot support ADFS to the same level as the Shibboleth reference implementation. If ADFS is going to be used, we recommend: Reviewing the known limitations of ADFS that have been documented here as well as by other federations: https://www.ukfederation.org.uk/content/Documents/ADFS Understanding and planning for mitigation of the possible […]

Date: April 20, 2017