RNP - Rede Nacional de Ensino e Pesquisa

english | español



The Federation recommends its participants to adopt the following uses:

Identity Management

  • Have procedures established to manage users and their attributes;
  • Inform users on best practices regarding the use and confidentiality of passwords and the need to replace them periodically;
  • Enabling each user to determine which attributes are sent to each service. When this is not possible, tell users which attributes are sent without its consent.


  • Ensure the high availability of the IdP;
  • Hold a technical team ready to operate the IdP


  • Monitor the IdP by monitoring logs (Operational System, SSO Software, Application Container, etc.);
  • Keep log files for at least six months;
  • Provide necessary information to investigate security incidents;
  • Keep the server's clock synchronized with an NTP server;
  • Monitor the validity of certificates used;
  • Document changes made to the server;
  • Keep the operational system and other software up to date by applying all the critical changes;
  • Update the metadata file every hour;
  • Use only the official servers of CAFe as a source of metadata;
  • Hold an user with read-only permission for consultation on the IdP’s data source;
  • Own servers (physical or virtual) separated for each application (e.g.: Shibboleth, EID, OpenLDAP, etc.);
  • Keep backup of the IdP’s configuration;
  • Follow the scripts prepared by the Federation’s support team using the applications suggested and supported.