IAM - Onboarding a Service Provider (SP)

To onboard a new SP, a request should be made to iam-support@uwm.edu with the following information:

Note: If the SP is an InCommon participant, IAM Support will only need the FERPA and attribute requests, and only if necessary. Integrating an InCommon SP usually just requires the SP technical contact to accept our IdP.
The SP technical contact should then either:
IAM staff will integrate the SP metadata and test if possible.

Helpful Information

  • Use of a filesystem metadata provider is strongly encouraged.
  • In cases where the SP does not fully support the SAML2 protocol, the technical contact will need to describe the ways in which it deviates. Examples would include:
    • SP cannot consume encrypted assertions.
    • SP requires SHA-1 signatures rather than SHA-256 (SHA-1 is a signature digest algorithm, not encryption).
    • SP requires attributes that either need to be computed or are not in the standard attribute set.
      • For example, eduPersonEntitlement special values based on some other directory attribute.
    • SP takes its user identifier from the SAML NameID rather than from the attribute statement.
  • If the SP does not have metadata, the technical contact will need to provide IAM Support with at minimum:
    • SP entityID
    • Assertion Consumer Service URL
    • An X.509 certificate, if available, when signing and/or encryption is expected
    • Contacts and attribute requirements
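The minimum items above (entityID, Assertion Consumer Service URL, and an X.509 certificate when signing or encryption is expected) are exactly what a minimal SP metadata document carries. The following is an added example, not UWM IAM's own tooling: it builds such a document from those items so it can be dropped into a local metadata file, and it checks an existing SP metadata document for the same items, reporting the deviations listed above that metadata can reveal (no encryption key, no signing key, non-HTTPS ACS). The entityID and ACS URL are hypothetical, and the certificate body is a constructed placeholder, not a real certificate.

```python
"""Build and sanity-check minimal SAML 2.0 SP metadata (added example; standard library only)."""
import base64
import xml.etree.ElementTree as ET

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", NS_MD)
ET.register_namespace("ds", NS_DS)

# Constructed placeholder: base64 text standing in for a certificate body. Not a real X.509 cert.
SAMPLE_CERT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
    + "\n-----END CERTIFICATE-----\n"
)


def strip_pem(pem):
    """Return the base64 body of a PEM block, without header/footer lines or whitespace."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    return "".join(line for line in lines if line and not line.startswith("-----"))


def build_sp_metadata(entity_id, acs_url, cert_pem=None, want_encryption=True):
    """Emit minimal SP metadata (bytes) from the items the page lists.

    With a certificate, the SP is declared as signing its AuthnRequests and, when
    want_encryption is set, as able to receive encrypted assertions.
    """
    root = ET.Element(f"{{{NS_MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{NS_MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": "true" if cert_pem else "false",
        "WantAssertionsSigned": "true",
    })
    if cert_pem:
        uses = ["signing", "encryption"] if want_encryption else ["signing"]
        for use in uses:
            kd = ET.SubElement(sp, f"{{{NS_MD}}}KeyDescriptor", {"use": use})
            ki = ET.SubElement(kd, f"{{{NS_DS}}}KeyInfo")
            x509 = ET.SubElement(ki, f"{{{NS_DS}}}X509Data")
            ET.SubElement(x509, f"{{{NS_DS}}}X509Certificate").text = strip_pem(cert_pem)
    ET.SubElement(sp, f"{{{NS_MD}}}AssertionConsumerService", {
        "Binding": POST_BINDING, "Location": acs_url, "index": "1", "isDefault": "true",
    })
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def check_sp_metadata(xml_bytes):
    """Parse SP metadata and report entityID, ACS URLs, key usage and deviations to raise with the SP."""
    ns = {"md": NS_MD, "ds": NS_DS}
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS_MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", ns)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")

    signing = encryption = False
    for kd in sp.findall("md:KeyDescriptor", ns):
        if kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", ns) is None:
            continue  # a KeyDescriptor without a certificate gives the IdP nothing to use
        use = kd.get("use")  # no "use" attribute means the key serves both purposes
        signing = signing or use in (None, "signing")
        encryption = encryption or use in (None, "encryption")

    acs_urls = [a.get("Location") for a in sp.findall("md:AssertionConsumerService", ns)]
    nameid_formats = [n.text for n in sp.findall("md:NameIDFormat", ns)]

    deviations = []
    if not acs_urls:
        deviations.append("no AssertionConsumerService endpoint")
    for url in acs_urls:
        if not url.startswith("https://"):
            deviations.append(f"ACS not served over HTTPS: {url}")
    if not signing:
        deviations.append("no signing certificate: SP requests cannot be signature-verified")
    if not encryption:
        deviations.append("no encryption certificate: SP cannot consume encrypted assertions")

    return {
        "entity_id": root.get("entityID"),
        "acs_urls": acs_urls,
        "signing_cert": signing,
        "encryption_cert": encryption,
        "nameid_formats": nameid_formats,
        "deviations": deviations,
    }


if __name__ == "__main__":
    # Hypothetical SP identifiers for illustration only.
    md = build_sp_metadata("https://sp.example.edu/shibboleth",
                           "https://sp.example.edu/Shibboleth.sso/SAML2/POST", SAMPLE_CERT_PEM)
    print(md.decode())
    print(check_sp_metadata(md))
```

Running the module prints the generated metadata and a report with an empty deviation list; building without a certificate yields a report flagging both the missing signing key and the inability to receive encrypted assertions, which is the kind of deviation the technical contact is asked to describe above.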