The management application provides an interface for administrators of federation member institutions to maintain the data that is necessary for participating in the federation.
Administrators can log in using either Social Networks or the AAI Federation:
Social networks that have been enabled for authenticating users to the management application are listed under the Manage drop-down menu. Once authenticated, a user may need to assert any missing information that is required by the application (such as an e-mail address). After that, the user can proceed with activation.
When logging in through the AAI Federation, authentication and authorization are carried out through a Shibboleth SP.
The following attributes are required for administrators and must be released by their home IdPs to the SP according to the policy and procedures documentation provided by the RIF:
| Attribute | Description |
|---|---|
| eduPersonPrincipalName | Provides a string that uniquely identifies an administrator in the management application. |
| eduPersonEntitlement | A specific URN value must be provided to authorize an administrator: urn:mace:renu.ac.ug:pki:user |
| | The e-mail address (one or more) of the administrator. It is used for notifications from the management application. It may also be used for further communication, with prior consent. |
| givenName (optional) | The person's first name. |
| sn (optional) | The person's last name. |
Once attribute release is set up properly, an administrator can log in to the management application.
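The attribute requirements above can be checked before the first login is attempted. The following is an added example, not code from the management application: it validates one set of SP-exported attributes and matches the entitlement URN exactly rather than by substring. The keys `eppn`, `entitlement` and `mail`, the `;` multi-value delimiter with `\;` escaping, and the sample values are assumptions.

```python
import re

# URN required by the attribute table above.
REQUIRED_ENTITLEMENT = "urn:mace:renu.ac.ug:pki:user"

def split_values(raw):
    """Split a multi-valued attribute on unescaped ';' (assumed SP delimiter)."""
    if not raw:
        return []
    parts = re.split(r"(?<!\\);", raw)
    return [p.replace("\\;", ";").strip() for p in parts if p.strip()]

def check_admin_attributes(env):
    """Return (ok, problems) for one login's attributes (hypothetical key names)."""
    problems = []
    # eduPersonPrincipalName is single-valued in the eduPerson schema.
    if len(split_values(env.get("eppn"))) != 1:
        problems.append("eduPersonPrincipalName: exactly one value expected")
    # Exact comparison: a longer URN that merely starts with the required
    # value must not authorize an administrator.
    if REQUIRED_ENTITLEMENT not in split_values(env.get("entitlement")):
        problems.append("eduPersonEntitlement: required URN not released")
    if not split_values(env.get("mail")):
        problems.append("e-mail address: at least one value expected")
    return (not problems, problems)

# Constructed sample inputs, not real accounts.
GOOD = {
    "eppn": "admin@example.ac.ug",
    "entitlement": "urn:mace:dir:entitlement:common-lib-terms;" + REQUIRED_ENTITLEMENT,
    "mail": "admin@example.ac.ug;noc@example.ac.ug",
}
LOOKALIKE = {
    "eppn": "admin@example.ac.ug",
    "entitlement": REQUIRED_ENTITLEMENT + "-guest",  # substring match would pass
}

if __name__ == "__main__":
    for name, env in (("GOOD", GOOD), ("LOOKALIKE", LOOKALIKE)):
        ok, problems = check_admin_attributes(env)
        print(name, "accepted" if ok else "rejected", problems)
```
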
After the first login, administrators are asked to associate their account with the institution they want to manage. Their choice must then be ratified by the operators of their management application. Following that, they will be notified through e-mail and they will then be able to start using the management application.
Among other things, the metadata provided by administrators through the management application is used to compile database data for the federation: institution.xml, ro.xml and realm_data.xml.