Console | My SPs Menu
You can access the configuration for a Service Provider by either clicking on the name of the Service Provider on the dashboard, or by selecting the name of the Service Provider from the My SPs menu at the top of the page.
This guide is designed to make setting up your service provider/application in the Cirrus Console as smooth as possible.
Service Provider Metadata
Cirrus Products require minimal configuration when used with Service Providers from InCommon or one of the other eduGAIN federations. In the United States, InCommon is the Higher Education federation, and the metadata for service providers is managed with the Federation Manager App. If you are a member institution of InCommon (you can view the list on their Current InCommon Participants page), make sure your Service Provider is registered.
Cirrus Products work equally well with Service Providers that are not registered with a federation — there are just some additional steps to setup the metadata. Contact email@example.com and we can provide you with guidance.
Set SAML DiscoveryResponse In Metadata
One of the pieces of information that can be supplied about your SP to the InCommon Federation Manager is something called the "Discovery Response Endpoint". This information is usually generated by your SP software, but since it is not mandatory in the Federation Manager App, sometimes the information is not entered. This SAML
DiscoveryResponse endpoint must be entered into the form for your SP. If you have questions about what this endpoint value is, contact your campus/institution Identity Management group, and they should be able to help you figure out what this is. If not, contact firstname.lastname@example.org, and we can provide you with guidance.
Application Response Location
A SAML service provider needs to know where to send a user after he or she has authenticated and the service provider has handled the authentication request for the user. This location is the “application response location”, and it is a URL on your application which usually handles logging a user into the application itself.
Social Provider Configuration
The basic attributes for each service provider are configured at the top of the Gateway Service page. Help for each attribute is also provided on the page.
The Social Providers available for the Service Provider to authenticate are selected at the bottom of the Gateway Service page. Providers selected will be available for configuration, and later presentation in the Discovery Service.
The list of Social Providers that can be configure for each Service Provider are listed to the left. When initially enabled, the Cirrus Identity Console will indicate providers need to be configured. The mapping of the attributes for each Social Provider may also be accessed at the bottom of the list.
The Cirrus Discovery Service allows you to include both traditional Identity Providers (IdPs) like your home institution as well as social login options from the Cirrus Gateway in a unified login user interface that conforms to the SAML V2 Discovery Profile. The Discovery Service page in the Cirrus Console is where you configure which Identity Providers are allowed to access the Service Provider. See both Cirrus Discovery getting started and Using Discovery Service for more details.