Support

Connecting to Pakistan Identity Federation (PKIFED)

For Identity Providers:

  1. Join PKIFED Federation
  2. Connecting as an Identity Provider (IdP)
  3. Register IdP Metadata

For Service Providers:

  1. Join PKIFED Federation
  2. Connecting as a Service Provider (SP)
  3. Register SP Metadata

Connecting as an Identity Provider (IdP):

Identity Provider Requirements:

  • Member of PKIFED Federation
  • Single Sign-On system such as Shibboleth IdP or SimpleSAMLphp and Directory Service such as LDAP, AD, etc
  • Provide, at minimum, the following attributes: 
    • displayName (urn:oid:2.16.840.1.113730.3.1.241)
    • email (urn:oid:0.9.2342.19200300.100.1.3)
    • eduPersonPrincipalName(urn:oid:1.3.6.1.4.1.5923.1.1.1.6)
    • eduPersonAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.1)
    • eduPersonTargetedID (urn:oid:1.3.6.1.4.1.5923.1.1.1.10)
    • organizationName (urn:oid:2.5.4.10)

Adding IdP metadata to the Federation metadata: Please follow the tutorial at the following link to register your IdP metadata.

Note: Your identity provider will become active with PKIFED within 24 hours after approval.

Local IdP configuration:

  • Follow the following link for configuration settings for Shibboleth IdP  Installation Guide for PKIFED Federation.

Production Metadata: https://rr.pern.edu.pk/rr3/signedmetadata/federation/PERN-Federation/metadata.xml
Metadata Signing Certificate: https://rr.pern.edu.pk/rr3/signedmetadata/metadata-signer.pem
PKIFED Federation Discovery Service:  http://wayf.pkifed.pk/DS/WAYF.php

Connecting as a Service Provider (SP):

Service Provider Requirements:

  • Member of PKIFED Federation
  • The Service Provider metadata’s will need to be added to production Federation metadata.
  • Currently, only Shibboleth SP and SimpleSAMLphp are supported by the Federation.

Adding SP metadata to the Federation metadata:

Please follow the tutorial at the following link to register your SP metadata.

Note: Your service provider will become active with PKIFED within 24 hours after approval.

Local Shibboleth SP configuration:

  • Follow the configuration settings for Shibboleth or SimpleSAMLphp SP Installation Guide for PKIFED Federation.

Production Metadata: https://rr.pern.edu.pk/rr3/signedmetadata/federation/PERN-Federation/metadata.xml
Metadata Signing Certificate: https://rr.pern.edu.pk/rr3/signedmetadata/metadata-signer.pem
PKIFED Federation Discovery Service:  http://wayf.pkifed.pk/DS/WAYF.php

Note: Your service provider will become active with PKIFED Federation within 24 hours after approval.