InCommon will verify that all newly submitted entity IDs meet the following Strict requirements:
If a site administrator submits metadata with some other form of an entity ID that does not meet the above requirements, a manual vetting process is triggered, which may delay the approval process.
- include the substring "idp" or "identityprovider" in an IdP entity ID
- include the substring "sp" or "serviceprovider" in an SP entity ID
- do not include the substring "incommon" in an entity ID
- do not include the name of your SAML software in an entity ID ("shibboleth", "adfs", "php", etc.)
- an URL-based entity ID starting with "https://" is more flexible than one starting with "http://"
- avoid using substring "www" in an URL-based entity ID
- do not end an URL-based entity ID with a slash ()
- do not include a port number, a query string (?), or a fragment identifier (#) in an URL-based entity ID