CARSI SP申请和接入流程 (CARSI SP joining process)

第一步:了解CARSI项目、CARSI IdP和SP。

Step 1, Understand CARSI project, IdP and SP.

        相关文档参见:https://www.carsi.edu.cnCARSI基本概念 和 CARSI介绍文档

        Please refer to: https://www.carsi.edu.cnCARSI基本概念 and  CARSI介绍文档

第二步:通过https://www.carsi.edu.cn/join_zh.htm,在线提交加入申请。

Step 2, Join through https://www.carsi.edu.cn/join_en.htm, submit online application

        这是CARSI联盟目前唯一支持的申请方式。请联系两所IdP服务已在CARSI上线的高校,作为应用服务提供商的推荐单位, CARSI在审批贵单位会员资格时需要这2所高校的确认。

        This is the only way to join CARSI. Before applying online. Please contact 2 CARSI IdP members, a SP member must have 2 full members as the referrer, CARSI needs the confirmations from these 2 IdP members before approving your membership.

第三步:仔细阅读”SP会员申请表&承诺书“及相关材料,确认无误后,打印申请成功邮件的附件pdf,签字盖章后,按照邮件提示,邮寄纸质申请材料。

Step 3, Read "SP Member Requirements and Commitments" carefully, print(pdf), sign, seal the application form, send the hard copy to CARSI team.

        CARSI联盟运行团队收到材料后对申请单位进行审核。目前,CARSI联盟仅面向教学、科研相关应用提供服务。

        CARSI will review and approve your membership request once all the materials are received. At the current stage, CARSI only accepts the requests from applications serving Education and Research.

第四步:收到审核通过邮件后,开始SP接入技术调试。

Step 4, Once the membership is approved, debug with CARSI. 

根据SP情况的不同,目前CARSI联盟支持3种SP接入方案,可选择使用其中的一种。SP文档提交及信息修改等工作,可通过CARSI会员自服务系统 完成。

There are 3 approaches to debug your SP with CARSI, you can choose one based on you SP's situation. You can subbmit your documents through CARSI Online Helpdesk.

1. 在向CARSI提交申请之前,SP已经接入eduGAIN (Before joining CARSI, this SP has already joined eduGAIN):

        对于已加入eduGAIN的SP,CARSI联盟使用该SP在eduGAIN的metadata信息。SP所属单位需要在 CARSI会员自服务系统 中添加SP,提供SP名称、简介、服务的用户访问地址、在eduGAIN中的SP EntityID、联系人等信息。详细流程参见:1. eduGAIN SP接入(Joining CARSI for eduGAIN SP)

        Before joining CARSI, this SP has already joined eduGAIN. CARSI will retrieve the metadata from eduGAIN, you need to add a SP in CARSI Online Helpdesk, providing SP name, description, service address, SP EntityID which can be located in eduGAIN metadata feed. Please refer to 1. eduGAIN SP接入(Joining CARSI for eduGAIN SP) for details.

        2. 自建Shibboleth SP接入 (a new Shibboleth SP):

        这种方式适用于应用系统已经支持Shibboleth认证、已实现Shibboleth SP、但尚未加入eduGAIN的情况,或适用于希望新建/改建应用系统的认证授权部分以支持CARSI接入的情况。此方式需SP服务提供单位自主安装Shibboleth SP来保护待接入的应用系统,并将该SP接入到CARSI联盟。详细流程参见: 2. 自建Shibboleth SP接入(Joining CARSI for Shibboleth SP)

        This is a new Shibboleth SP, thie case is suitible for creating/updating the login part of your existing application to support CARSI access. You need to install and configure your Shibboleth SP to protect your application, and use this Shibboleth SP to join CARSI. Please refer to 2. 自建Shibboleth SP接入(Joining CARSI for Shibboleth SP) for details.

        3. 使用CARSI提供的SP OAuth网关接入(join CARSI through the CARSI SP OAuth gateway):

        通过CARSI联盟提供的SP+OAuth环境,将现有的应用系统以OAuth的方式,接入CARSI,由SP+Oauth网关代表应用系统来支持Shibboleth SP功能,应用系统无需自己搭建Shibboleth SP服务。此方式对应用系统改动小、部署速度快、接入流程简单。要求应用系统支持OAuth 2.0协议。详细流程参见:3. 通过CARSI SP OAuth网关接入(Joining CARSI for OAuth SP)

        Join your existing application into CARSI through CARSI SP OAuth gateway.  SP+OAuth gateway acts as the Shibboleth SP, your application dose not need a dedicated Shibboleth SP. In this case the changes to your existing application are limited, your application should support OAuth 2.0 (acts as an OAuth client). Please refer to 3. 通过CARSI SP OAuth网关接入(Joining CARSI for OAuth SP) for details.

第五步:完成技术调试后,邮件联系CARSI联盟北大团队,申请复测及服务上线。联系邮箱:carsi@pku.edu.cn

Step 5, Once the debug process is complete, contcact CARSI team to apply a test and online operation.  Email: carsi@pku.edu.cn

第六步:上线后无法再自助修改metadata(已加入eduGAIN的SP除外,CARSI每天自动从eduGAIN中获取最新的SP信息同步到本地metadata)及用户访问指南、IdP添加指南文档。如上线后确需更改,请联系CARSI团队。联系邮箱: carsi@pku.edu.cn

Step 6, Once the SP is official online, the SP metadata(except for the eduGAIN SPs, in which cases we sync fron eduGAIN everyday to refresh SP metadata info) and the documents are not allowed to be modified. For any special cases you really need to modify the SP info, please contact CARSI team through email: carsi@pku.edu.cn