SP registration
Shibboleth SPs normally need to have pre-arranged relationships with the Identity Providers (IdPs) against which they want to authenticate. This allows the SPs to choose which IdPs they trust, and the IdPs to decide what information they want to release to which SPs.
This is commonly managed by joining one or more 'federations' and registering SPs with them. Federations are administrative organisations that reduce the need for each SP to register individually with each IdP with which it wants to interwork. Operators of SPs in the University currently have the following choices.
Remain Anonymous
The Raven IdP is unusual in that it will provide authentication services and some attributes to SPs that it knows nothing about. As a result it is possible to completely avoid registration. The downside to this is that Raven will describe such a service as an 'Unknown Service Provider' when asking people for permission to release information to it, and only a limited number of attributes will be released (see Attributes released by the Raven IdP - Completely unregistered. In addition, attempts to use the Browser/Artifact protocol will fail (with the SP reporting an 'opensaml::BindingException' with the reason 'Invalid HTTP method (POST)').
However one of the attributes that is released carries the authenticated user's 'eduPerson Principal Name' which includes their CRSid. This may be sufficient for replacing UcamWebauth-based functionality.
An anonymous SP is unlikely to be able to authenticate users against any IdPs other than the one provided by Raven.
Register in the 'Ucam federation'
University SPs that are registered in either the 'Ucam federation' or the UK federation receive a much larger list of attributes - see Attributes released by the Raven IdP - Registered SPs and Attributes released by the Raven IdP University SPs.
