5. How do I register my Service Provider?

On your Windows Server machine, point your browser at http://localhost/Shibboleth.sso/Metadata (that URL will work for the default web site - the 'http://localhost' portion may vary for your configuration, it represents the root of your webapp) and save the metadata response in a file (called 'Metadata', for example).

In line with the UK Federation registration guidelines, attach the Metadata file to an email containing the information listed in the UK Federation SP registration pages, and send it to Oxford's Shibboleth management liaison who will verify the information provided and then submit an SP registration request on your behalf to the UK Federation.

Verification of the information you have provided to the Shibboleth Management liaison will include verification of the SP signing certificate's fingerprint. The default path to the file containing the certificate is C:\opt\shibboleth-sp\etc\shibboleth\sp-cert.pem. Windows does not recognise the 'pem' file extension so to extract the fingerprint from the certificate you have two options, both of which will have the same effect. Follow either the Script Method to run a script to display the certificate fingerprint using familiar Windows dialogues, or follow the Extension Renaming Method so the Windows OS recognises the file as a certificate.

5.1. Script Method

Download a Windows PowerShell Fingerprint script and run it with PowerShell to select the SP signing certificate and display the fingerprint using familiar Windows dialogues, regardless of whether the extension is 'pem' or 'crt'.

5.2. Extension Renaming Method

Copy the SP signing certificate to a new filename first ('sp-cert - Copy.pem') and then change its extension from '.pem' to '.crt' so that Windows recognises the file as a certificate. You can then right-click the '.crt' file in Windows Explorer and select 'Open'. When the Certificate dialogue box opens click on the 'Details' tab, scroll down to the 'Thumbprint' entry and select it. Once you have verified the fingerprint with the UK Federation you can delete the 'sp-cert - Copy.crt' file.

Up: Contents Previous: 4. How do I configure the Shibboleth SP software after installation? Next: 6. What next?