CARSI SP申请和接入流程 (CARSI SP joining process)
一、在线提交申请前(Before submitting joining application online)
第一步:了解CARSI项目、CARSI IdP和SP、SP加入CARSI基本要求。
Step 1, Understand CARSI project, IdP and SP, basic requirements for joining CARSI and launching application resources.
相关文档参见:https://www.carsi.edu.cn、CARSI基本概念 、CARSI介绍文档、SP加入CARSI基本要求(Basic requirements for joining CARSI).
Please refer to: https://www.carsi.edu.cn, CARSI基本概念 ,CARSI介绍文档,SP加入CARSI基本要求(Basic requirements for joining CARSI).
二、在线提交申请阶段(Submit joining application online phase)
第二步:通过https://www.carsi.edu.cn/join_zh.htm ,在线提交加入申请。
Step 2, Join through https://www.carsi.edu.cn/join_en.htm , submit online application.
这是CARSI联盟目前唯一支持的申请方式。请主动联系两所IdP服务已在CARSI上线的高校,作为应用服务提供商的推荐单位,推荐确认方式请参考:CARSI常见问题--我是资源提供方(SP)#11.-提交申请后,我如何联系到两所推荐学校的老师?联系该校的哪位老师?
This is the only way to join CARSI. Before applying online. Please contact 2 CARSI IdP members, a SP member must have 2 full members as the referrer,please refer to the recommended confirmation method: CARSI常见问题--我是资源提供方(SP)#11.-提交申请后,我如何联系到两所推荐学校的老师?联系该校的哪位老师?
第三步:仔细阅读”SP会员申请表&承诺书“及相关材料,确认无误后,打印申请成功邮件的附件pdf,签字盖章后,按照邮件提示,邮寄纸质申请材料。
Step 3, Read "SP Member Requirements and Commitments" carefully, print(pdf), sign, seal the application form, send the hard copy to CARSI team.
CARSI联盟运行团队收到材料后对申请单位进行审核。目前,CARSI联盟仅面向教学、科研相关应用提供服务。
CARSI team will review and approve your membership request once all the materials are received. At the current stage, CARSI only accepts the requests from applications serving Education and Research.
第四步:提交介绍文档。
Step 4, Providing product introduction document.
添加新应用资源/产品前需提交产品介绍(邮件发送给carsi@pku.edu.cn)。
Before adding new application resources or products, you should submit the product introduction (email to carsi@pku.edu.cn).
首次加入CARSI的资源厂商,该内容包含在 SP提供商公司及产品介绍模板(SP Introduction Template 中的“资源供应商SP信息”。
SP joins CARSI federation for the first time, the content included in the "Service Provider Introduction" of SP提供商公司及产品介绍模板(SP Introduction Template).
已上线的资源厂商增加新资源,该文档需单独提供,内容模板参见 SP提供商公司及产品介绍模板(SP Introduction Template) 中的“产品介绍信息”。已上线资源厂商提供新资源至少提供两家在执行期内且具有法律效力的高校采购合同。
Online SP adds a new resource, this document needs to be provided. For the content template, please refer to the "Product Introduction" of SP提供商公司及产品介绍模板(SP Introduction Template). Online SP need to provide at least 2 school pruchase contracts that are valid and enforceable.
第五步:和CARSI项目组确认上述申请加入CARSI的相关材料准备齐全后,CARSI专家组开始评估,请等待审核。
Step 5, After confirming the relevant documents for the above application to join CARSI are ready, the CARSI team begins to review,please wait for the approval of your membership.
三、技术调试前(Before technical debug)
第六步:开始调试前请仔细阅读CARSI基本调试要求(CARSI Basic Debugging Requirements)。
Step6, Please read CARSI基本调试要求(CARSI Basic Debugging Requirements) carefully before starting debugging.
第七步:添加SP单位介绍文档
Step7, Add your SP Introduction document.
登陆 CARSI会员自服务系统,用户名为申请时填写的单位域名,缺省密码为申请时填写的项目负责人手机号,首次登录后请修改密码。在”我的CARSI“-”基本信息“页面根据模板文件添加SP单位的介绍文档。
Login CARSI Online Helpdesk (Username is your domain in the application form, default password is the Project Manager's Chinese Mobile number), please change your password after login. On MyCarsi->Basic page, add your SP Introduction document.
四、技术调试阶段(Technical debug phase)
第八步:收到审核通过邮件后,开始SP接入技术调试。
Step 8, Once the membership is approved, debug with CARSI team.
根据SP情况的不同,目前CARSI联盟支持3种SP接入方案,可选择使用其中的一种。
There are 3 approaches to debug your SP with CARSI, you can choose one based on you SP's situation.
1.SP已经接入eduGAIN (This SP has already joined eduGAIN):
对于已加入eduGAIN的SP,CARSI联盟使用该SP在eduGAIN的metadata信息。SP所属单位需要在 CARSI会员自服务系统 中添加SP,提供SP名称、简介、服务的用户访问地址、在eduGAIN中的SP EntityID、联系人等信息。详细流程参见:1. eduGAIN SP接入(Joining CARSI for eduGAIN SP)。
This SP has already joined eduGAIN. CARSI will retrieve the metadata from eduGAIN, you need to add a SP in CARSI Online Helpdesk, providing SP name, description, service address, SP EntityID which can be located in eduGAIN metadata feed. Please refer to 1. eduGAIN SP接入(Joining CARSI for eduGAIN SP) for details.
2.自建Shibboleth SP接入 (A new Shibboleth SP):
这种方式适用于应用系统已经支持Shibboleth认证、已实现Shibboleth SP、但尚未加入eduGAIN的情况,或适用于希望新建/改建应用系统的认证授权部分以支持CARSI接入的情况。此方式需SP服务提供单位自主安装Shibboleth SP来保护待接入的应用系统,并将该SP接入到CARSI联盟。详细流程参见: 2. 自建Shibboleth SP接入(Joining CARSI for Shibboleth SP)。
This is a new Shibboleth SP, thie case is suitible for creating/updating the login part of your existing application to support CARSI access. You need to install and configure your Shibboleth SP to protect your application, and use this Shibboleth SP to join CARSI. Please refer to 2. 自建Shibboleth SP接入(Joining CARSI for Shibboleth SP) for details.
3.通过CARSI SP OAuth网关接入(Joining CARSI for OAuth SP):
通过CARSI联盟提供的SP+OAuth环境,将现有的应用系统以OAuth的方式,接入CARSI,由SP+Oauth网关代表应用系统来支持Shibboleth SP功能,应用系统无需自己搭建Shibboleth SP服务。此方式对应用系统改动小、部署速度快、接入流程简单。要求应用系统支持OAuth 2.0协议。详细流程参见:3. 通过CARSI SP OAuth网关接入(Joining CARSI for OAuth SP)。
Join your existing application into CARSI through CARSI SP OAuth gateway. SP+OAuth gateway acts as the Shibboleth SP, your application dose not need a dedicated Shibboleth SP. In this case the changes to your existing application are limited, your application should support OAuth 2.0 (acts as an OAuth client). Please refer to 3. 通过CARSI SP OAuth网关接入(Joining CARSI for OAuth SP) for details.
第九步:上线试运行期间需完成
Step 9, During the trail run.
试运行期间,SP实体被添加到产品环境,功能上已经可以使用了。但服务还没有在CARSI网站SP成员列表公布。SP管理员可在此期间检查正式提供服务的准备工作是否都完成,如切换资源页面、为学校开放权限、准备产品环境的用户访问流程文档等。
During the trail run, your SP entity is added to CARSI production envirment,the SP is already functional. However it is not listed on the CARSI SP product list page yet. Please ensure all the preparations before your SP could officially provide services to CARSI members are ready, eg. your web page for CARSI login, resource management for CARSI members, the docs, etc.
请开通北京大学线上环境IdP(https://idp.pku.edu.cn/idp/shibboleth)的访问权限,方便以北京大学IdP为例进行服务测试。如果北京大学不是贵司的采购用户,在测试通过后可取消相关权限。
Please enable the access for Peking University official IdP (https://idp.pku.edu.cn/idp/shibboleth), the production test is based on this IdP. If Peking University is not a customer of your resources, feel free to disable the access after the test finishes.
请在 CARSI会员自服务系统中添加(我的SP资源)用于在CARSI资源门户、CARSI的SP成员列表等页面展示贵单位资源(产品)的实体,包括用户访问流程、学校服务开通流程2份文档(docx格式,万一有小问题我们可以直接帮助您修改)。
Please add your resources (including docx format User Visit Guide & IdP Appending Guide) through CARSI Online Helpdesk (My SP Resources), these resources will be used to show your resources(products) on CARSI Resource Portal, CARSI SP product list pages.
自服务系统,“我的SP资源”填写规范:
CARSI会员自服务系统,"My SP Resources" information filling rules:
1)“资源访问地址”须与"访问流程"文档里的访问地址保证一致。
The resource visiting address must be the same as the visiting address in the "user visiting guide".
2)“SP资源试用及购买政策“编辑栏可参照 CARSI官网https://www.carsi.edu.cn/SPpref.html 填写,内容与“服务开通”文档保持一致。
SP fill out the "resource trail & purchase policy", you can refer to https://www.carsi.edu.cn/SPpref.html to fill out, consistent with the content of the "IdP appending guide".
和北大CARSI团队老师一起完成SP上线复测。
Finish all the testing with PKU CARSI Team.
五、正式发布阶段(Official online phase)
第十步:CARSI网站SP成员列表公布,正式提供服务。
Step 10, Officially online, and be shown on CARSI SP product list page.
确认文档、测试全部无误后,给 carsi@pku.edu.cn发送邮件,申请正式在CARSI网站SP成员列表公布该SP。
Once everything mentioned above is ready, send a mail to carsi@pku.edu.cn to apply officially online your SP, it will be shown on SP product list page then.
第十一步:上线后无法再自助修改metadata(已加入eduGAIN的SP除外,CARSI每天自动从eduGAIN中获取最新的SP信息同步到本地metadata)及用户访问指南、IdP添加指南文档。如上线后确需更改,请联系CARSI团队。联系邮箱: carsi@pku.edu.cn.
Step 11, Once the SP is official online, the SP metadata(except for the eduGAIN SPs, in which cases we sync fron eduGAIN everyday to refresh SP metadata info) and the documents are not allowed to be modified. For any special cases you really need to modify the SP info, please contact CARSI team through email: carsi@pku.edu.cn.
Related pages
版权所有©北京大学计算中心