SAML Identity Provider Services

Standby SAML Identity Provider

This service will process SAML authentication requests on HEAnet infrastructure when HEAnet detects that the primary SAML Identity Provider service is unavailable on campus. The service includes Active Directory replication via VPN tunnel, the Identity Provider is based on Shibboleth or Microsoft Active Directory Federation Services.

StandbyIdP

Hosted SAML Identity Provider

With this service, HEAnet host a Shibboleth Identity Provider service on its infrastructure to authenticate users over a VPN tunnel to the campus Active Directory. The service includes the institutional branding, directory schema mapping, monitoring, maintenance and a allows for a hostname within the institutions DNS domain.

24×7 Support

The HEAnet NOC operates on a 24/7 basis for Priority 1 faults. A priority 1 fault counts as loss of service.

The on-call engineer can be contacted on + 353 1 6609 040. Emails to noc@heanet.ie are only monitored during normal business hours.

Managed SAML Identity Provider

HEAnet’s Managed SAML Identity Provider service provides remote monitoring and management of an institutions Shibboleth Identity Provider, this management extends to multiple instances whether on-campus or hosted by HEAnet. The service is designed to allow an institution to rely on HEAnet’s expertise for troubleshooting Shibboleth Identity Provider issues or planning for campus directory changes or co-ordination with new SAML service providers who are not Edugate compliant.

For further details, please contact noc@heanet.ie

Shibboleth Identity Provider Upgrade

Institutions who wish to upgrade their Identity Provider service between one major version and a subsequent version can follow guides provided by the Shibboleth consortium or avail of this HEAnet service. HEAnet will upgrade existing deployments ensuring customisations such as login pages, attribute resolution scripts or attribute release customisations are ported to the latest Shibboleth version. Prices vary by the number of Shibboleth nodes deployed and the number of bilateral services configured (if any). Please contact noc@heanet.ie for further details.

Bilateral SAML Configurations

HEAnet will engage with services providers to join Edugate and assist institutions availing of such member services at no charge to the institution. Where service providers do not wish to join Edugate and support SAML, HEAnet can configure a bilateral trust between the institutions identity provider service and the service provider. HEAnet has configured bilateral configurations for the services below, if a service is not listed, or for pricing information, please contact noc@heanet.ie.

Multifactor Authentication

HEAnet can integrate your existing DUO or Azure multifactor authentication services with all our SAML Identity Provider Service offerings.