Presentation
Authentication to the Compilatio service is done through identity federation EduGAIN via the Shibboleth software brick.
The EduGAIN federation brings together information from several identity federations including RENATER, a French identity federation.
Institutions cannot join the EduGAIN federation directly. They must be part of a national federation.
Some national federations include their entities in EduGAIN by default, others no.
Source: https://services.renater.fr/federation/documentation/generale/presentation-edugain
Features
SSO | Yes |
Type of authorized users | Teachers, school staff, doctoral students |
Customization possible ? | Yes, depending on feasibility and on estimate |
Prerequisites
The establishment must be registered with the French identity federation RENATER or any other federation included in the inter-federation EduGAIN (list of federations by country on the official website https://technical.edugain.org/status).
To verify this, simply list the institution in the link below:
https://www.compilatio.net/shibboleth
The identity provider must be SAML 2.0 compliant
Configuration of the Service Provider Compilation
Meta-data Compilatio:
https://metadata.federation.renater.fr/edugain-upstream/renater-edugain-upstr
eam-metadata.xml
SP (Service Provider) Compilatio version: 2.5.5
Attributes requested by the Service Provider (SP) Compilatio aux
Identity Providers (IdP) :
Required attributes
eduPersonPrimaryAffiliation | Main status of the person |
Usage: To identify the teacher of a student | |
eduPersonAffiliation | Status of the person |
Usage: To identify a teacher of a student | |
displayName | Full name with accents |
Usage: recovery of the name and first name | |
eduPersonPrincipalName | Unique institutional identifier |
Usage: User verification | |
Mailing address institutional electronics | |
Usage: User verification |
Optional attributes
supannEtablishment | Institution of affiliation administrative of the person |
Usage: To identify the establishment | |
eduPersonScopedAffiliation | Main category of user and organization of attachment administrative |
Usage: Identify the type of account | |
supannEntitePrincipalAssignment | Person's main assignment |
Usage: identify the component belonging to an institution | |
supannEntiteAssignment | The person's assignment(s) in a facility, a component, a service, etc. |
Usage: to identify a component belonging to an institution |
Access filter
List of possible membership values to access the Compilatio service:
- staff
- employee
- teacher
- faculty
- researcher
- emeritus
These values were selected based on usage statistics of some of the most used faculty, staff and doctoral students.
Access is not available for students, so values such as 'member' which may define a teacher at some institutions and students at others are not allowed.
Customized configuration on request
If your configuration does not include eduPersonPrimaryAffiliation or eduPersonAffiliation attributes, you can tell Compilatio the name of the attribute you want to apply your access filter to.
As this is not part of the standard authentication implementation framework, a quote will be issued by our sales team.
Steps to implement authentication
- Complete the information sheet provided
- Answer any additional questions from the Compilatio technical team
- Receive confirmation from Compilatio that the authentication is effective
---
Learn about other external authentication systems:
- External authentication with unfederated Shibboleth
- External authentication CAS (Central Authentication Service)
- External authentication LDAP (Lightweight Directory Access Protocol)
- External authentication with Microsoft Entra ID (previously Azure AD)