FIM Setup

Federation Operator Practice: Metadata Registration Practice Statement

This template document is licensed under Creative Commons CC BY 3.0. You are free to share, re-use and adapt this template as long as attribution is given. This document draws on work carried out by the UK Access Management Federation and the ACOnet Identity Federation with gratitude. 1. Definitions and Terminology The key words “MUST”, […]

Date: March 18, 2019


CANARIE is pleased to announce the addition of ADFSToolkit functionality to the Canadian Access Federation (CAF) Federated Identity Management (FIM) service. CANARIE and its partners have been working on a set of tools to augment existing ADFS Identity Provider installations. This set of tools is published by CANARIE as a PowerShell module called ADFSToolkit, in […]

Date: February 15, 2018

Common Settings and URLs for FIM Services

Production and Test Environments: CANARIE’s FIM has two environments: a Production environment for production-facing services with a high availability profile, and a Test environment for non-production services with a best-effort availability profile. Your IdP or SP can participate in either or both environments as long as the operation of the IdP or SP complies with the most […]

Date: September 19, 2017

Critical Configuration Policies

Configuring your Identity Provider or Service Provider is critical to the operation and security of the federation. The reference FIM software and the CANARIE IdP installer are capable of adhering to these elements. Other software may not be. In cases where your chosen platform cannot meet these requirements, steps should be taken to mitigate the […]

Date: August 5, 2017

Common IdP and SP Configuration Settings

Common steps for both the Shibboleth IdP and SP are to fetch the FIM Signing Key and to configure Production and/or Test aggregate fetching and validation. These steps form the foundation for the base configurations in CAF, which may branch into more in-depth information and links. Fetching FIM Signing Key Fetch the certificate […]

Date: July 13, 2017

Reference Shibboleth IdP Configuration Settings

Configuring the Shibboleth IdP to Load and Validate metadata If you are using the IdP-Installer, this is automatically configured for you and you can skip this section. Recommended reading and authoritative reference for IdP metadata configuration can be found here: https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration Adding FIM Production Aggregates to the Shibboleth IdP To add the FIM Production aggregates […]

Date: June 15, 2017

Reference Shibboleth SP Configuration Settings

Configuring the Shibboleth Service Provider to load metadata The Shibboleth Service provider can be downloaded from the Shibboleth site for Unix or Windows platforms. The instructions that follow are for basic configuration and encourage review of the recommended readings for more detail. Recommended reading for Service Providers: For installation For metadata configuration Adding FIM Production […]

Date: June 7, 2017

About Microsoft ADFS Configuration with FIM

FIM will accept ADFS SAML2-compliant metadata but cannot support ADFS to the same level as the Shibboleth reference implementation. If ADFS is going to be used, we recommend: Reviewing the known limitations of ADFS that have been documented here as well as by other federations: https://www.ukfederation.org.uk/content/Documents/ADFS Understanding and planning for mitigation of the possible […]

Date: April 20, 2017

Firewall and IP address recommendations

The table below summarizes the IP addresses and ports associated with the Canadian Federation-Level RADIUS servers (FLRs) for eduroam, and monitoring of IdP status for Federated Identity Management (FIM). CANARIE operates additional monitoring and operational tools for CAF services. Participants are encouraged to use these tools and permit access to CANARIE on the listed ports […]

Date: April 17, 2017