Skip to content Skip to site navigation Skip to service navigation

FarmFed

Overview

FarmFed is Stanford's local trust federation and its primary function has been to provide WebAuth-based single sign-on functionality to both Stanford and off-campus service provider websites. FarmFed's members consist of identity providers (see below) and service providers.

How to Join FarmFed

The first step in adding a new SP to FarmFed is to have the Shibboleth administrators install the SP's metadata on the IdP servers.  For SPs running Shibboleth, this is usually very straight forward as the Shibboleth software has a built in metadata generator when you access a particular URL at your site. For example, see https://shib-dev3.stanford.edu/Shibboleth.sso/Metadata. Depending on how exactly your site is configured, you should be able to download your own metadata by subbing in the appropriate hostname in that URL. For non-Shibboleth sites that support SSO with a Shibboleth IdP, the format of the metadata will vary (e.g. see the Google setup) but the administrators of the site should be able to provider either a link or file to include in your request.

After the SP's metadata is installed on the IdP servers you will be able to configure your SP for FarmFed and start testing. If your site is running Shibboleth, please see the Installing and Configuring Shibboleth Service Providers page to see how to configure.

Non-Shibboleth sites like Google and Salesforce often need to be configured with a single sign-on URL and SSL certificate (see below). View an IdP's metadata to find the available SingleSignOnService profiles; the most common are https://idp.stanford.edu/idp/profile/SAML2/POST/SSO and https://idp.stanford.edu/idp/profile/SAML2/Redirect/SSO.

Attributes

If the SP requires personal identifying information for a logged in user, please see the Attribute Release Policy for information on how to request.

Metadata and SSL Certificates of FarmFed Identity Providers for Service Providers

Production

  • EntityID: https://idp.stanford.edu/
  • Metadata: IdP-only metadata
  • SSL certificate: idp.crt
  • Authentication system: WebAuth

​​UAT

  • EntityID: https://idp-uat.stanford.edu/ (note: encryption on idp-uat is now SHA-256 only)
  • Metadata:  IdP-only metadata
  • SSL certificate: idp-uat.crt
  • Authentication system: WebAuth

Additional identity providers coming soon.

Last modified August 10, 2016