KNF:BRIN scoping/en: verschil tussen versies
| (18 tussenliggende versies door dezelfde gebruiker niet weergegeven) | |||
| Regel 1: | Regel 1: | ||
{{PageTitleCustom|title=Entree Federation BRIN scoping|name=Entree Federation|image=true|imageurl=KNF:Hoofdpagina/en}} |
{{PageTitleCustom|title=Entree Federation BRIN scoping|name=Entree Federation|image=true|imageurl=KNF:Hoofdpagina/en}} |
||
<br/> |
<br/> |
||
| + | Identity Providers like Learning Management Systems, are often being used by several different schools. Therefore these systems have a WAYF ('''W'''here '''A'''re '''Y'''ou '''F'''rom) screen where users have to select their school before logging in. In order to prevent users from having first to select their school on the WAYF screen from Entree Federation and subsequently select their school on the WAYF from the Identity Provider (i.e. the LMS), the BRIN scoping functionality can be implemented. |
||
| − | __TOC__ |
||
| − | Sommige Identity Providers worden door meerdere scholen gebruikt, dit is met name het geval bij Elektronische Leeromgevingen. Vaak hebben deze applicaties een eigen WAYF ('''W'''here '''A'''re '''Y'''ou '''F'''rom) scherm waar de gebruiker zijn school moet selecteren. Om te voorkomen dat een gebruiker eerst zijn school op het WAYF scherm van Entree Federatie moet selecteren en vervolgens nogmaals op het WAYF scherm van de Identity Provider, kan er gebruik gemaakt worden van BRIN scoping. Dit maakt het mogelijk om het tweede WAYF scherm over te slaan. |
||
| − | ''' |
+ | '''Attention:''' BRIN-scoping has also to be configured by Kennisnet for the specific Identity Provider. For this you can contact [https://support.kennisnet.org/Tickets/Submit Kennisnet]. |
| − | ==BRIN- |
+ | ==BRIN-number== |
| + | The Basisregistratie Instellingen (Basicregistration of Institutions or BRIN) is a register that is maintained by the Dutch Ministry of Education. Each educational institution within this registration is uniquely identified by a BRIN-number. This number consists of four alphanumeric characters. The BRIN-number can be supplemented with to extra digits to identify a specific location of the educational institution. This six character code is called a ''location BRIN'' or ''location number''. |
||
| − | De Basisregistratie Instellingen (BRIN) is een register dat door het Nederlandse Ministerie van OCW wordt beheerd. Iedere onderwijsinstelling wordt hierin geïdentificeerd aan de hand van een zogenaamd BRIN-nummer, bestaande uit vier alfanumerieke karakters. Het BRIN-nummer kan worden aangevuld met een tweecijferige code om een vestiging aan te duiden. Deze code van zes karakters wordt het vestigingsnummer genoemd. |
||
| − | + | Examples of BRIN-numbers: |
|
| − | * BRIN- |
+ | * BRIN-number: 99ZZ |
| − | * |
+ | * Location number: 99ZZ01 |
==Scoping== |
==Scoping== |
||
| − | Scoping is |
+ | Scoping is a part of the SAML 2.0 specification. Therefore BRIN scoping is only available for Identity Providers with a Entree Federation connection based on the SAML 2.0 protocol. |
| − | {{Info|Scoping |
+ | {{Info|Scoping allows a Service Provider to specify an Identity Provider in an AuthnRequest to a proxying Identity Provider. This is an indication to the proxying Identity Provider that the Service Provider will only deal with the Identity Provider specified in the ''<Scoping>'' element.}} |
| − | In |
+ | In the case of BRIN scoping the ''<Scoping>'' element contains the BRIN-number that is send within the AuthnRequest to the proxy Identity Provider to indicate the school that should be used for the authentication of the user. |
<syntaxhighlight lang="xml"> |
<syntaxhighlight lang="xml"> |
||
| Regel 33: | Regel 32: | ||
</syntaxhighlight> |
</syntaxhighlight> |
||
| − | + | The ''ProviderID'' attribute of the ''IDPEntry'' element contains the BRIN number from the school the user selected on the Entree Federation WAYF screen. |
|
| − | |||
| − | {{Warn| Het kan voorkomen dat het AuthnRequest geen ''<Scoping>'' element bevat. Dit gebeurt in het scenario wanneer de gebruiker geen school hoeft te selecteren op het WAYF scherm van Entree Federatie, omdat er een SSO notificatie cookie beschikbaar is (meer informatie over [[KNF:SSOnotification | SSO notificatie]]). <br/> |
||
| − | Als de proxy Identity Provider dan geen andere methode heeft om vast te stellen bij welke school de gebruiker hoort, dan zal deze alsnog een WAYF scherm moeten tonen.}} |
||
| + | {{Warn| In some situations the AuthnRequest won't contain a ''<Scoping>'' element. This happens when the user doesn't have to select his school on the Entree Federation WAYF screen, because there is an SSO notifcation cookie available (more information on [[KNF:SSOnotification/en | SSO notification]]). <br/> |
||
| + | When the proxy Identity Provider has no other method to establish to which school the user belongs, the application of the proxy Identity Provider still has to show a WAYF screen.}} |
||
Huidige versie van 18 okt 2018 om 10:10
Entree Federation: Entree Federation BRIN scoping
 Nederlands
|
 English
|
Identity Providers like Learning Management Systems, are often being used by several different schools. Therefore these systems have a WAYF (Where Are You From) screen where users have to select their school before logging in. In order to prevent users from having first to select their school on the WAYF screen from Entree Federation and subsequently select their school on the WAYF from the Identity Provider (i.e. the LMS), the BRIN scoping functionality can be implemented.
Attention: BRIN-scoping has also to be configured by Kennisnet for the specific Identity Provider. For this you can contact Kennisnet.
BRIN-number
The Basisregistratie Instellingen (Basicregistration of Institutions or BRIN) is a register that is maintained by the Dutch Ministry of Education. Each educational institution within this registration is uniquely identified by a BRIN-number. This number consists of four alphanumeric characters. The BRIN-number can be supplemented with to extra digits to identify a specific location of the educational institution. This six character code is called a location BRIN or location number.
Examples of BRIN-numbers:
- BRIN-number: 99ZZ
- Location number: 99ZZ01
Scoping
Scoping is a part of the SAML 2.0 specification. Therefore BRIN scoping is only available for Identity Providers with a Entree Federation connection based on the SAML 2.0 protocol.
|
Scoping allows a Service Provider to specify an Identity Provider in an AuthnRequest to a proxying Identity Provider. This is an indication to the proxying Identity Provider that the Service Provider will only deal with the Identity Provider specified in the <Scoping> element. |
In the case of BRIN scoping the <Scoping> element contains the BRIN-number that is send within the AuthnRequest to the proxy Identity Provider to indicate the school that should be used for the authentication of the user.
<AuthnRequest>
...
<Scoping>
<IDPList>
<IDPEntry ProviderID="99ZZ" />
</IDPList>
...
</Scoping>
...
</AuthnRequest>
The ProviderID attribute of the IDPEntry element contains the BRIN number from the school the user selected on the Entree Federation WAYF screen.
|
In some situations the AuthnRequest won't contain a <Scoping> element. This happens when the user doesn't have to select his school on the Entree Federation WAYF screen, because there is an SSO notifcation cookie available (more information on SSO notification). When the proxy Identity Provider has no other method to establish to which school the user belongs, the application of the proxy Identity Provider still has to show a WAYF screen. |