This article offers implementation tips and advice to software makers who wish to produce software solutions that integrate well with federated single sign-on (SSO) identity providers in the InCommon Federation.
Research and education (R&E) identity federations worldwide, including InCommon in the United States, use SAML as their federated single sign-on protocol. Creating InCommon-ready software starts with supporting SAML. However, unless your software's primary purpose is to implement the SAML protocol stack, we strongly suggest adopting one of the existing InCommon-ready SAML implementations rather than building your own. These software packages reduce or eliminate the effort required to create and maintain custom code to handle the nuances of the SAML protocol suite and to support the various federation integration profiles.
See: Available SAML Implementations.
Whether you build your own SAML software or not, InCommon-ready software needs to allow its deployer to configure the software to properly interact with identity providers in the InCommon Federation using federation-endorsed integration profiles and practices. In particular, InCommon-ready software should cover the following areas:
Whenever possible, adopt a SAML 2.0 implementation that has proper support for requirements outlined in the Kantara SAML V2.0 Implementation Profile for Federation Interoperability. If you are writing your own SAML implementation, see Build Your Own SAML Software.
A major benefit of participating in the InCommon Federation is that InCommon offers a trusted and scalable way for identity providers and service providers to exchange service metadata and cryptographic keys. By consuming SAML metadata from the InCommon Metadata Service, a service operator can automatically detect changes from any participating identity provider and dynamically update configurations. InCommon-ready software should be able to consume an identity provider's metadata from the InCommon Metadata Service.
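The following added example (not code from InCommon or from any SAML product) sketches how a service provider could read one identity provider's metadata and report what changed since the cached copy, so that key rollovers and endpoint moves are noticed instead of silently breaking or weakening sign-on. It assumes a single `EntityDescriptor` document whose XML signature has already been verified against the federation's signing key (not shown), a `validUntil` value in UTC, and the constructed entity `idp.example.edu` with placeholder certificate bytes; `parse_idp` and `diff_config` are hypothetical names.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; cert_text is base64 of placeholder bytes, not real X.509.
def sample(cert_text, valid_until="2999-01-01T00:00:00Z"):
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
      entityID="https://idp.example.edu/idp" validUntil="{valid_until}">
     <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{cert_text}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
     </md:IDPSSODescriptor></md:EntityDescriptor>"""

def parse_idp(xml_text, now=None):
    """Return the IdP settings an SP needs, refusing expired metadata."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)  # assumption: signature verified before this point
    until = root.get("validUntil")
    if until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
        raise ValueError("metadata expired: " + until)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("entity is not an identity provider")
    keys = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a missing 'use' covers signing too
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            keys.add(hashlib.sha256(der).hexdigest())  # fingerprint, easy to compare
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing_keys": keys, "sso": sso}

def diff_config(old, new):
    """Describe what changed between the cached and the refreshed metadata."""
    return {"keys_added": new["signing_keys"] - old["signing_keys"],
            "keys_removed": old["signing_keys"] - new["signing_keys"],
            "sso_changed": old["sso"] != new["sso"]}
```

Logging the output of `diff_config` on every refresh gives operators an audit trail of which signing keys were trusted for each identity provider and when.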
See:
<basically, make sure your software or the SAML module you choose can be configured to map/consume federation attributes>
<provide SP-specific considerations when working with user identifier, including multi-lateral federation concerns (there might be multiple IdPs involved)>
These are a few examples of available SAML implementations:
If you decide to write your own SAML implementation, to ensure your implementation will work well in the InCommon Federation, make sure your software conforms with the Common Requirements and Service Provider Requirements of the Kantara SAML V2.0 Implementation Profile for Federation Interoperability. Published by the Kantara Initiative, the SAML V2.0 Implementation Profile encompasses a set of software conformance requirements intended to facilitate interoperability within full mesh (multilateral) identity federations, such as those found in the research and education sector, including the InCommon Federation.
Further, check out the Kantara SAML V2.0 Deployment Profile for Federation Interoperability. Whereas the Implementation Profile is written for software makers, the Deployment Profile helps service operators deploy InCommon-ready services. Your software should allow a service operator using your software to fully conform with the requirements in the Deployment Profile.
Kantara SAML V2.0 Implementation Profile for Federation Interoperability (fedinterop) →
Kantara SAML V2.0 Deployment Profile for Federation Interoperability (saml2int) →
OASIS Security Assertion Markup Language (SAML) V2.0 →
Shibboleth website →
SimpleSAMLphp website →
OpenSAML wiki →