Blog from January, 2012

InCommon has launched a new centralized Federated Error Handling Service for use by all Service Providers (SPs) in the federation. The goal is to provide a better experience for users in the event that they are unable to access a federated service, which will help prevent them from becoming confused or frustrated.

In many situations, the identity provider (IdP) does not provide the SP with sufficient information (attributes) to make an access control decision. Just telling a user that “the necessary attributes are not being released” usually does not help. We need to give users information and tools that will help them solve their problems.

Using this new service, SPs can automatically generate simple but effective error pages for the end user. These dynamic error pages rely on the Error Handling URL in IdP metadata, which provides a pointer to a comprehensive IdP support page for users who experience difficulties during federated login.

In order for this service to work effectively, IdP operators need to add the Error Handling URL in their metadata.

SP operators use the Federated Error Handling Service to automatically build and display a custom error page. The service takes advantage of MDUI elements in metadata to customize an SP-branded page displaying the SP’s logo and text specific to the SP and IdP in question. Visit the wiki for examples and instructions on how to incorporate the Error Handling Service into your SP deployment.
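As an added illustration (not InCommon's code), the following check reads a metadata aggregate and reports which IdPs publish an Error Handling URL, carried in SAML metadata as the `errorURL` attribute of the IdP role descriptor, together with the MDUI display name an error page could show. The entity IDs, URLs and the https-only rule are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample aggregate (not real federation metadata). In production,
# verify the aggregate's signature before trusting anything parsed from it.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:mdui="{NS['mdui']}">
 <md:EntityDescriptor entityID="https://idp.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}"
      errorURL="https://www.example.edu/it/login-help">
   <md:Extensions><mdui:UIInfo>
    <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
   </mdui:UIInfo></md:Extensions>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.example.net/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}"
      errorURL="http://help.example.net/login"/>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.com/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def audit_error_urls(metadata_xml):
    """Map each IdP entityID to (status, errorURL, MDUI display name)."""
    report = {}
    root = ET.fromstring(metadata_xml)
    for entity in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:  # SP-only entities carry no IdP errorURL
            continue
        url = idp.get("errorURL")
        name = idp.findtext("md:Extensions/mdui:UIInfo/mdui:DisplayName",
                            default=None, namespaces=NS)
        parts = urlsplit(url or "")
        if not url:
            status = "missing"      # the SP has no support page to point users at
        elif parts.scheme != "https" or not parts.netloc:
            status = "not-https"    # assumed rule: the SP links to this URL, so require https
        else:
            status = "ok"
        report[entity.get("entityID")] = (status, url, name)
    return report

if __name__ == "__main__":
    for entity_id, row in audit_error_urls(SAMPLE).items():
        print(entity_id, *row)
```
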

We continue to look for ways to improve and expand on the tools available for use by site administrators. Please let us know if you have suggestions or questions (admin at incommon dot org).

A community working group is seeking feedback on the InCommon Silver with Active Directory Cookbook (https://spaces.at.internet2.edu/x/w56KAQ) during a public review period that will be open from January 12th through January 31st.

A number of InCommon participant institutions have been preparing to submit applications to the assurance program, and specifically, to be able to assert the InCommon Silver level of assurance. This draft “cookbook” is intended to help those who have deployed Microsoft’s Active Directory Domain Services (commonly referred to as “Active Directory” or “AD”) configure it for compliance with the technical requirements for Silver. Comments can be sent to assurance-adsilver@incommon.org.
 

Join an informational workshop with InCommon affiliates on January 24, 2012, at the UMBC Technology Center in Baltimore. All five InCommon affiliates (AegisUSA, Fischer International, Gluu, Microsoft, and Unicon) will present their identity management solutions and services and will be available for in-depth discussions in break-out sessions. Learn more about these InCommon affiliates. In addition, Khalil Yazdi from Internet2 will provide an update on NET+ Services.

Audience: IT management, policy, and identity management practitioners from Maryland's community colleges, independent colleges and universities, public universities, K-12 institutions, and state agencies.

Date: January 24, 2012, from 8:30 a.m. - 4:00 p.m.

Location: UMBC Technology Center at 1450 South Rolling Road, Baltimore, MD 21227. Directions to the UMBC Technology Center.

Registration: Please register by 4:00 p.m. on January 20, 2012. If you have questions concerning the workshop, please contact Suresh Balakrishnan.

Other: There is no fee for the workshop. Refreshments, breakfast and lunch will be provided. Parking is free.

The January 2012 issue of the InCommon Update is now available online. In this issue:

  • InCommon Launches New Research & Scholarship SP Category
  • IAM Online January 11 - Using Federated Identity and Cyberinfrastructure
  • New Certificate Service Subscribers
  • New Participants in December

View the archived webinar (Adobe Connect)
Download the webinar slides (PDF)

InCommon is launching an innovative program that will enable federation of collaborative services for an important subset of the campus community, a new category of service providers called Research & Scholarship. Identity providers (IdPs) can release a minimal set of attributes to all service providers (SPs) in the Research & Scholarship (R&S) category, simplifying and streamlining user access at the SP while reducing administrative overhead at the IdP.

InCommon will host a webinar on Thursday, January 19, 2012, at 2 p.m. EST, to provide more information about the Research & Scholarship category. Details on joining the webinar are at the end of this message.

Complete information about this new category is on the InCommon wiki.

Service providers eligible for the R&S category include those that support research and scholarly activities such as virtual organizations and campus-based collaboration services. Participating IdPs will agree to release a minimal set of attributes to the R&S category (name, email address, user identifier, and user affiliation). This can be done with a one-time modification to the IdP’s default attribute release policy, which will apply to the entire R&S category of SPs.

Currently, most identity providers (IdPs) share only an “opaque identifier” (that is, no attributes) by default. The R&S category provides a simpler and more scalable approach for IdPs than negotiating attribute release bilaterally with every service provider.
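The category-based release decision described above can be sketched as follows; this is an added example, not InCommon's or any IdP product's code. It assumes the category is marked in SP metadata as an entity attribute named `http://macedir.org/entity-category`, uses a constructed placeholder for the category value, and maps the four attributes named above onto common eduPerson/LDAP attribute names as an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY_ATTR = "http://macedir.org/entity-category"
# Placeholder category value (constructed); use the URI the federation publishes.
RS_CATEGORY = "https://federation.example/category/research-and-scholarship"
# Assumed mapping of "name, email address, user identifier, user affiliation".
RS_BUNDLE = ("displayName", "mail", "eduPersonPrincipalName",
             "eduPersonScopedAffiliation")

def sp_xml(entity_id, attr_name, value):
    """Build constructed SP metadata carrying one entity attribute."""
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}" entityID="{entity_id}">
  <md:Extensions><mdattr:EntityAttributes>
    <saml:Attribute Name="{attr_name}">
      <saml:AttributeValue>{value}</saml:AttributeValue>
    </saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

def entity_categories(sp_metadata_xml):
    """Return the entity-category values asserted for this SP in metadata."""
    root = ET.fromstring(sp_metadata_xml)
    values = set()
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in root.findall(path, NS):
        if attr.get("Name") == CATEGORY_ATTR:  # exact name match only
            values.update((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    return values

def release(sp_metadata_xml, user_attrs):
    """One category-wide rule: R&S SPs get the bundle, all others get no attributes."""
    if RS_CATEGORY in entity_categories(sp_metadata_xml):
        return {k: user_attrs[k] for k in RS_BUNDLE if k in user_attrs}
    return {}  # default policy: opaque identifier only, no attributes

# Constructed user record; homePostalAddress is outside the bundle and never released.
USER = {"displayName": "Pat Example", "mail": "pat@example.edu",
        "eduPersonPrincipalName": "pat@example.edu",
        "eduPersonScopedAffiliation": "faculty@example.edu",
        "homePostalAddress": "1 Campus Way"}
RS_SP = sp_xml("https://wiki.vo.example.org/sp", CATEGORY_ATTR, RS_CATEGORY)
OTHER_SP = sp_xml("https://shop.example.com/sp", CATEGORY_ATTR,
                  "https://federation.example/category/other")
LOOKALIKE_SP = sp_xml("https://x.example.com/sp",
                      "http://example.com/entity-category", RS_CATEGORY)
```

The category is read from federation-published metadata, never from anything the SP sends at login time, so the lookalike attribute name in `LOOKALIKE_SP` earns no release.
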

For more information, including guidance for IdPs and SPs, visit the InCommon wiki. You can send specific questions to info@incommon.org.

----------

R&S Category Webinar

Thursday, January 19, 2012
2 pm ET / 1 pm CT / Noon MT / 11 am PT

Adobe Connect for slide sharing and listen-only audio: http://internet2.adobeconnect.com/inc-category/

Back-up phone bridge:
734-615-7474 (preferred)
866-411-0013 (toll-free in US and Canada)

Access code: 0117582#