Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Skip to end of metadata
Go to start of metadata

This is the SAML home page for the InCommon Federation.

What is SAML?

Security Assertion Markup Language (SAML) is an XML-based markup language accompanied by various protocols, bindings, and profiles. Far and away the most important profile (which builds on the other SAML components) is SAML Web Browser SSO, a secure single sign-on solution for cross-domain deployment scenarios. See the #External References section at the end of this document for pointers to reference material and documentation.

Supported Profiles

InCommon recommends that SPs and IdPs support the following protocols and profiles:

Strongly Recommended:

  • SAML V2.0 Web Browser SSO

Recommended:

  • SAML V2.0 Identity Provider Discovery Protocol
  • SAML V2.0 Enhanced Client or Proxy (ECP)

Optional:

  • SAML V2.0 Single Logout
  • SAML V1.1 Web Browser SSO

See the Endpoints in Metadata wiki page for details regarding SAML profiles, bindings, and protocols in metadata, and the Recommended Practices wiki page for further guidance and recommendations.

Migration to SAML V2.0

InCommon strongly recommends that all entities (IdPs and SPs) support SAML V2.0 Web Browser SSO. The benefits of SAML V2.0 are significant, to both individual participants and the Federation as a whole; see What's New in SAML 2? for more information.

Currently there are a few dozen IdPs in the InCommon Federation that do not support SAML V2.0. Consequently, SPs can not safely ignore legacy SAML V1.1 protocols, which tends to favor the latter over SAML V2.0. As a community, we are caught in a chicken-and-egg situation that can be traced back to those legacy IdPs. If most of those IdPs were to add SAML V2.0 to their portfolio, the dynamics would immediately change, for the benefit of all Federation participants.

To help IdPs support SAML V2.0, we've documented a migration strategy that does not depend an a second IdP. Following our suggestions, IdPs can be safely upgraded to support SAML V2.0 with a minimum of effort. We encourage you to read the documentation carefully so that you can begin to plan your move to SAML V2.0.

For their part, SPs are encouraged to support SAML V2.0 as well. An SP's migration path to SAML V2.0 is actually more complicated than that of the IdP, but if done correctly, an SP can make a smooth transition to SAML V2.0 with little or no disruption to services.

Local Resources

For historical data on the use of SAML V1.1 and SAML V2.0 in the InCommon Federation, see the CSV files attached to this wiki page.

External References

  File Modified
File entity-count-2012-11-08.csv Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2013-01-08.csv Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2012-05-29.csv Historical count of SPs and IdPs Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2012-10-28.csv Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2013-04-12.csv Apr 12, 2013 by trscavo@internet2.edu

  • No labels