It is likely that your IDP does not provide to the registry the required “mail” user attribute.

You can check that by yourself by connecting to the test and validation resource offered by RENATER (https://test-sp.federation.renater.fr/) with your home organization IDP (Click on “Connexion avec la fédération Éducation/Recherche” and then select your home organization IDP).
This test and validation resource allows to display all user attributes returned by the accessing user's home organization IDP.

You have to adapt the configuration of your IDP (attribute filter configuration file) accordingly if this attribute is actually not returned.

Once your CRU account is created, you can keep it indefinitely.
However, after a period of inactivity of 1 year, your CRU account will be automatically deleted.
In this case, you can if needed, recreate this account with the same email address by accessing to the CRU accounts management service : https://cru.renater.fr/sac/

No, you no longer need it.
If your organization is displayed in the discovery service list (https://discovery.renater.fr/renater), it means that you can use the account of your home organization instead of using a CRU account.

The visibility of SAML entities for an authenticated user is deduced from the email address returned by his connection IDP (i.e. home organization or CRU accounts IDP).

• For a user with the “entity manager” role : he will be able to see SAML entities for which on the entity managers email address (declared from the “Contacts” tab) matches the one returned by the connection IDP.
• For a user with the “orgnization manager” role : he will be able to see the set of SAML entities attached to his organization if on the orgnization managers email address (declared as part of the administrative registration procedure) matches the one returned by the connection IDP.

To ensure your organization appears in the list of organizations proposed by the registry, you must have done the administrative registration with RENATER beforehand (see §3.1).

In the event where this administrative registration with RENATER would already have been done but your organization is still missing in the list, please contact RENATER support team.

The registration in a production federation is not available if your SAML entity is still not attached to an organization (member or partner organization) registered with RENATER (see §3.1).

To do that, you have first to select an organization from the “Organization attachment” tab. The attachment request then must be validated by one of the two orgnization managers declared for this organization (see §5.1).

• For a member organization : the designated point of contact for your organization must perform the update directly through the PASS interface. Then you have to notify us of this update here.
• For a partner organization : please contact RENATER through our helpdesk.

The update of a manager email address can be performed directly through the federation registry from the editing page of your IDP or SP (“Contacts” tab) :

• Either by the manager of your organization (who have access to all SAML entities attached to your organization) ;
• Or directly by one of the manager declared for this SAML entity.

The rollover of SAML certificate for an IDP or SP is a sensitive operation.
In order to avoid any service interruption, please follow the instructions described on this page.

This is perfectly normal if your changes are not immediately visible into the metadata.

Indeed, when you submit changes for your SAML entity on the registry, you have to take into account :

1. the propagation delay of these changes into the metadata file version that you used for your SAML entity (preview,intermediate or main) ;
2. the metadata frequency reload configured at each SP/IDP (RENATER recommends it to be hourly).

Get more details on this page.

There is no prerequisite to have a CRU account. The service is open to all :

• Go to the CRU accounts management service : https://cru.renater.fr/sac/
• Fill in the account creation form ;
• Then you will receive a email ;
• Click on the link mentioned in this email to confirm the creation of your account ;
• Your account is activated and functionnal. You will received a second email to confirm that.

• Go to the CRU accounts management service : https://cru.renater.fr/sac/
• Access to the Password lost ? section from the menu to the left ;
• Enter your email address ;
• You will receive then an email with instructions to define a new password.

• Go to the CRU accounts management service : https://cru.renater.fr/sac/
• Log in with your account (if not already done) ;
• Access to the My account section from the menu to the left ;
• Define then a new password.

• Go to the CRU accounts management service : https://cru.renater.fr/sac/
• Log in with your account (if not already done) ;
• Access to the My account section from the menu to the left ;
• Access to the email editing page ;
• Enter your new email address ;
• An email is automatically sent to this new address. Follow the instructions including in this email to finalize the procedure.