相关文档参见:https://www.carsi.edu.cn、CARSI基本概念 和 CARSI介绍文档。
Please refer to: https://www.carsi.edu.cn, CARSI基本概念 and CARSI介绍文档。
这是CARSI联盟目前唯一支持的申请方式。请联系两所IdP服务已在CARSI上线的高校,作为应用服务提供商的推荐单位, CARSI在审批贵单位会员资格时需要这2所高校的确认。
This is the only way to join CARSI. Before applying online. Please contact 2 CARSI IdP members, a SP member must have 2 full members as the referrer, CARSI needs the confirmations from these 2 IdP members before approving your membership.
CARSI联盟运行团队收到材料后对申请单位进行审核。目前,CARSI联盟仅面向教学、科研相关应用提供服务。
CARSI will review and approve your membership request once all the materials are received. At the current stage, CARSI only accepts the requests from applications serving Education and Research.
根据SP情况的不同,目前CARSI联盟支持3种SP接入方案,可选择使用其中的一种。SP文档提交及信息修改等工作,可通过CARSI会员自服务系统 完成。
There are 3 approaches to debug your SP with CARSI, you can choose one based on you SP's situation. You can subbmit your documents through CARSI Online Helpdesk.
1. 在向CARSI提交申请之前,SP已经接入eduGAIN (Before joining CARSI, this SP has already joined eduGAIN):
对于已加入eduGAIN的SP,CARSI联盟使用该SP在eduGAIN的metadata信息。SP所属单位需要在 CARSI会员自服务系统 中添加SP,提供SP名称、简介、服务的用户访问地址、在eduGAIN中的SP EntityID、联系人等信息。详细流程参见:1. eduGAIN SP接入(Joining CARSI for eduGAIN SP)。
Before joining CARSI, this SP has already joined eduGAIN. CARSI will retrieve the metadata from eduGAIN, you need to add a SP in CARSI Online Helpdesk, providing SP name, description, service address, SP EntityID which can be located in eduGAIN metadata feed. Please refer to 1. eduGAIN SP接入(Joining CARSI for eduGAIN SP) for details.
2. 自建Shibboleth SP接入 (a new Shibboleth SP):
这种方式适用于应用系统已经支持Shibboleth认证、已实现Shibboleth SP、但尚未加入eduGAIN的情况,或适用于希望新建/改建应用系统的认证授权部分以支持CARSI接入的情况。此方式需SP服务提供单位自主安装Shibboleth SP来保护待接入的应用系统,并将该SP接入到CARSI联盟。详细流程参见: 2. 自建Shibboleth SP接入(Joining CARSI for Shibboleth SP)。
This is a new Shibboleth SP, thie case is suitible for creating/updating the login part of your existing application to support CARSI access. You need to install and configure your Shibboleth SP to protect your application, and use this Shibboleth SP to join CARSI. Please refer to 2. 自建Shibboleth SP接入(Joining CARSI for Shibboleth SP) for details.
3. 使用CARSI提供的SP OAuth网关接入(join CARSI through the CARSI SP OAuth gateway):
通过CARSI联盟提供的SP+OAuth环境,将现有的应用系统以OAuth的方式,接入CARSI,由SP+Oauth网关代表应用系统来支持Shibboleth SP功能,应用系统无需自己搭建Shibboleth SP服务。此方式对应用系统改动小、部署速度快、接入流程简单。要求应用系统支持OAuth 2.0协议。详细流程参见:通过CARSI SP OAuth网关接入。
Join your existing application into CARSI through CARSI SP OAuth gateway. SP+OAuth gateway acts as the Shibboleth SP, your application dose not need a dedicated Shibboleth SP. In this case the changes to your existing application are limited, your application should support OAuth 2.0 (acts as an OAuth client). Please refer to 3. 通过CARSI SP OAuth网关接入(Joining CARSI for OAuth SP) for details.