FAQ

I cannot login / forgot my password. Who can help me?

Please contact the Help Desk at your Home Organization.

How to verify the entity ID for your IdP?

All Federation Metadata of the Hong Kong Access Federation is managed using the HKAF Federation Registry.  Note that there is one Federation Registry for the Production Federation and one Federation Registry for the Test Federation.  The two federations are completely separate and independent.  You can access the Federation Registry by clicking the following links:

1. Production Federation

2. Test Federation

One you have logged in, click on the IdP /SP that you are concerned with.  The Overview tab contains the core information about the selected IdP /SP.  The Entity Descriptor is also known as the SAML entity ID.  This value must match the configuration for your Identity Provider or Service Provider.

An example entity ID for a Shibboleth Identity Provider might look like:

An example entity ID for a Shibboleth Service Provider might look like:

For a Shibboleth Identity Provider, the entity ID attribute is defined in the config file relying-party.xml under the elements <rp:DefaultRelyingParty> and <rp:AnonymousRelyingParty> as well as in attribute-resolver.xml under the <resolver:DataConnector> element.

For a Shibboleth Service Provider, the entity ID attribute is defined in the config file shibboleth2.xml under the <ApplicationDefaults> element.

The entity ID in the Federation Metadata MUST match the entity ID in your local configuration, otherwise federation endpoints will not be able to identify and refer to your IdP /SP.

Note that, if you want to change an entity ID on the Federation Registry side, you cannot do this as a normal user.  You will have to log a support call for a Federation Registry administrator to action this for you.