
Holiday Technology Checklist 2016

ANNOUNCEMENT: Reduced Metadata Signing Operations

Mark your calendars! The Internet2 offices will be closed from 5:00pm ET, Friday, December 23, 2016 to 8:00am ET, Tuesday, January 3, 2017. No metadata processing will occur during this interval except during the following two days:

NOTE: Metadata processing and signing will occur on Wednesday and Thursday, December 28–29, 2016 at approximately 12:30pm ET! No other metadata signings are scheduled during the holiday period!

See the published InCommon Hours of Operation for more information.

You may want to add these items to your holiday shopping list:

  1. Upgrade to Shibboleth IdP V3 now! (Version 2 reached end-of-life on July 31, 2016)
    1. For a list of IdPs that have (or have not) upgraded to V3, see: List of Shibboleth IdPs by Version (ref)
    2. Note: Shibboleth IdP V3.3.0 was announced on November 11, 2016
  2. Support the Research & Scholarship Category!
    1. Information for SP owners wanting to apply for R&S
    2. Information for IdP operators who release attributes to R&S SPs
  3. Is your IdP discoverable?
    1. Tweak your IdP DisplayName in metadata (if necessary)
    2. Add a Logo URL to IdP metadata (and publish a favicon on your IdP server)
    3. Support the InCommon Federated Error Handling Service by adding an Error Handling URL (ref) (errorURL) to your IdP metadata 
      1. To check if your errorURL is working properly, see: List of errorURLs in IdP Metadata
    4. Learn more about the Hide From Discovery Category
  4. Fully support SAML V2.0
    1. All SP deployments advertise a TLS-protected <md:AssertionConsumerService> endpoint that supports the SAML V2.0 HTTP-POST binding
    2. All IdP deployments advertise a TLS-protected <md:SingleSignOnService> endpoint that supports the SAML V2.0 HTTP-Redirect binding
    3. IdP operators are advised not to advertise support for the SAML1 protocol or for the various back-channel SAML protocols
  5. Migrate to the REFEDS security contact
    1. For a list of entities that include a legacy InCommon security contact, see: List of Legacy Security Contacts
  6. Choose the best metadata aggregate for your SAML deployment
    1. Configure all your SPs to consume the IdP-only aggregate
    2. Configure your test IdPs to consume the preview aggregate
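
The metadata checks from items 3 to 5 can be run against an aggregate before the holiday signing window. The following Python sketch is an added example, not InCommon tooling: the entity IDs and sample metadata are constructed, the function names are hypothetical, and it assumes a "TLS-protected" endpoint means an `https://` Location.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SAML1 = {"urn:oasis:names:tc:SAML:1.0:protocol", "urn:oasis:names:tc:SAML:1.1:protocol"}
REMD_TYPE = "{http://refeds.org/metadata}contactType"  # remd:contactType attribute
REFEDS_SECURITY = "http://refeds.org/metadata/contactType/security"

def tls_endpoint(role, tag, binding):
    # True if the role advertises an https:// endpoint of this type and binding.
    return any(e.get("Binding") == binding and e.get("Location", "").startswith("https://")
               for e in role.findall(f"md:{tag}", NS))

def check_entity(entity):
    """Return checklist findings for one md:EntityDescriptor element."""
    out = []
    for idp in entity.findall("md:IDPSSODescriptor", NS):
        if not tls_endpoint(idp, "SingleSignOnService", REDIRECT):
            out.append("no TLS HTTP-Redirect SingleSignOnService")
        if SAML1 & set(idp.get("protocolSupportEnumeration", "").split()):
            out.append("advertises SAML1")
        if not idp.get("errorURL"):
            out.append("no errorURL")
    for sp in entity.findall("md:SPSSODescriptor", NS):
        if not tls_endpoint(sp, "AssertionConsumerService", POST):
            out.append("no TLS HTTP-POST AssertionConsumerService")
    if not any(c.get(REMD_TYPE) == REFEDS_SECURITY for c in entity.findall("md:ContactPerson", NS)):
        out.append("no REFEDS security contact")
    return out

# Constructed sample aggregate (hypothetical entities, not real federation data).
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:remd="http://refeds.org/metadata">
 <md:EntityDescriptor entityID="https://idp.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
   <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.edu/sso/POST"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="1" Binding="{POST}" Location="https://sp.example.org/acs"/>
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="other" remd:contactType="{REFEDS_SECURITY}"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def audit(xml_text):
    # Assumes the aggregate's signature was verified before parsing; maps entityID -> findings.
    return {e.get("entityID"): check_entity(e) for e in ET.fromstring(xml_text).iter(f"{{{MD}}}EntityDescriptor")}
```

Calling `audit(SAMPLE)` reports four findings for the sample IdP and none for the sample SP.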