Singapore Access Federation (SGAF)
A SAML 2.0 Federated Identity Management System for Singapore's R&E community
Local Entity Requirements to Join the SGAF
- Member of SingAREN
- Acceptance of the Singapore Access Federation Rules
Service Provider (SP) Requirements
- SAML 2.0 compatible Service Provider such as Shibboleth SP
Identity Provider (IdP) Requirements
- SAML 2.0 compatible Identity Provider such as ADFS, Shibboleth IdP, etc., or a directory service such as AD, LDAP, etc.
- Provide, at minimum, the following core attributes:
  - displayName (oid:2.16.840.1.113730.3.1.241)
  - email (oid:0.9.2342.19200300.100.1.3)
  - eduPersonPrincipalName (oid:1.3.6.1.4.1.5923.1.1.1.6)
  - eduPersonPrimaryAffiliation (oid:1.3.6.1.4.1.5923.1.1.1.5)
  - eduPersonAffiliation (oid:1.3.6.1.4.1.5923.1.1.1.1)
  - eduPersonTargetedID (oid:1.3.6.1.4.1.5923.1.1.1.10)
  - organizationName (oid:2.5.4.10)
Note: If your institution only has a directory service, a SAML 2.0 IdP needs to be installed and connected to the directory service before connecting to the SGAF. Please follow the Shibboleth IdPv3 Installer by AAF Guide.
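The check below is an added example, not SGAF or Shibboleth code: it reports which of the core attributes listed above are missing or empty in a SAML assertion released by an IdP. It assumes the IdP names attributes in urn:oid: form using the standard OIDs registered for these attribute names; the function names, the sample assertion and its values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Core attributes from the list above, keyed by the standard OID registered
# for each name (assumption: the IdP releases them as urn:oid:<OID>).
CORE_ATTRIBUTES = {
    "2.16.840.1.113730.3.1.241": "displayName",
    "0.9.2342.19200300.100.1.3": "email",
    "1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
    "1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
    "1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "2.5.4.10": "organizationName",
}

def missing_core_attributes(assertion_xml):
    """Return core attribute names that are absent or carry no value."""
    root = ET.fromstring(assertion_xml)
    released = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        oid = attr.get("Name", "").removeprefix("urn:oid:")
        values = attr.findall("saml:AttributeValue", SAML_NS)
        # eduPersonTargetedID carries a nested NameID, so count child elements too.
        if any((v.text or "").strip() or len(v) for v in values):
            released.add(oid)
    return sorted(n for o, n in CORE_ATTRIBUTES.items() if o not in released)

def attr_xml(oid, inner):
    """Build one SAML Attribute element for the constructed sample."""
    return (f'<saml:Attribute Name="urn:oid:{oid}">'
            f'<saml:AttributeValue>{inner}</saml:AttributeValue></saml:Attribute>')

# Constructed sample: eduPersonPrimaryAffiliation is not released and
# organizationName is released with an empty value.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:AttributeStatement>'
    + attr_xml("2.16.840.1.113730.3.1.241", "Sample User")
    + attr_xml("0.9.2342.19200300.100.1.3", "user@example.org")
    + attr_xml("1.3.6.1.4.1.5923.1.1.1.6", "user@example.org")
    + attr_xml("1.3.6.1.4.1.5923.1.1.1.1", "staff")
    + attr_xml("1.3.6.1.4.1.5923.1.1.1.10", "<saml:NameID>opaque-id-1</saml:NameID>")
    + attr_xml("2.5.4.10", "")
    + '</saml:AttributeStatement></saml:Assertion>'
)

if __name__ == "__main__":
    print(missing_core_attributes(SAMPLE_ASSERTION))
```

Run it only on an assertion whose signature has already been validated, and parse untrusted XML with a hardened parser; the check covers attribute release, not trust.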
The SGAF Metadata is an important part of the SAML Federation. In essence, it is a directory of registered, trusted and approved entities within the SGAF, allowing only Identity Providers (IdP) and Service Providers (SP) found within the metadata to communicate with each other.
The SGAF Metadata Registration Practice Statement (MRPS) describes the metadata management process conducted by the SGAF Federation Operator.
The SGAF SAML Web Single Sign-On Technology Profile defines a standard that enables Identity Providers and Relying Parties to create and use Web Single Sign-On services with SAML.
Connecting to the SGAF
Please contact firstname.lastname@example.org if you are experiencing any technical issues related to the SGAF.