The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.



The InCommon Federation wiki has moved.


We have exciting news! An updated InCommon Federation wiki is now available. Please visit the new InCommon Federation Library for updated content.

This wiki is preserved for historical records only. It will no longer be updated. 

We invite you to come check out the new Library. Don't forget to update your bookmarks accordingly. 


search Visit the InCommon Federation Library wiki

This is the SAML home page for the InCommon Federation.

What is SAML?

Security Assertion Markup Language (SAML) is an XML-based markup language accompanied by various protocols, bindings, and profiles. Far and away the most important profile (which builds on the other SAML components) is SAML Web Browser SSO, a secure single sign-on solution for cross-domain deployment scenarios. See the #External References section at the end of this document for pointers to reference material and documentation.

Supported Profiles

InCommon recommends that SPs and IdPs support the following protocols and profiles:

Strongly Recommended:

  • SAML V2.0 Web Browser SSO

Recommended:

  • SAML V2.0 Identity Provider Discovery Protocol
  • SAML V2.0 Enhanced Client or Proxy (ECP)

Optional:

  • SAML V2.0 Single Logout
  • SAML V1.1 Web Browser SSO

See the Endpoints in Metadata wiki page for details regarding SAML profiles, bindings, and protocols in metadata, and the Recommended Practices wiki page for further guidance and recommendations.

Migration to SAML V2.0

InCommon strongly recommends that all entities (IdPs and SPs) support SAML V2.0 Web Browser SSO. The benefits of SAML V2.0 are significant, to both individual participants and the Federation as a whole; see What's New in SAML 2? for more information.

Currently there are a few dozen IdPs in the InCommon Federation that do not support SAML V2.0. Consequently, SPs can not safely ignore legacy SAML V1.1 protocols, which tends to favor the latter over SAML V2.0. As a community, we are caught in a chicken-and-egg situation that can be traced back to those legacy IdPs. If most of those IdPs were to add SAML V2.0 to their portfolio, the dynamics would immediately change, for the benefit of all Federation participants.

To help IdPs support SAML V2.0, we've documented a migration strategy that does not depend an a second IdP. Following our suggestions, IdPs can be safely upgraded to support SAML V2.0 with a minimum of effort. We encourage you to read the documentation carefully so that you can begin to plan your move to SAML V2.0.

For their part, SPs are encouraged to support SAML V2.0 as well. An SP's migration path to SAML V2.0 is actually more complicated than that of the IdP, but if done correctly, an SP can make a smooth transition to SAML V2.0 with little or no disruption to services.

Local Resources

For historical data on the use of SAML V1.1 and SAML V2.0 in the InCommon Federation, see the CSV files attached to this wiki page.

External References

  File Modified
File entity-count-2013-04-12.csv Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2012-10-28.csv Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2012-05-29.csv Historical count of SPs and IdPs Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2013-01-08.csv Apr 12, 2013 by trscavo@internet2.edu
File entity-count-2012-11-08.csv Apr 12, 2013 by trscavo@internet2.edu

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels