Federation Technical Guide
The Federation Technical Guide provides a convenient way to locate the details and documentation for implementing federated identity management with InCommon.
Precursors to Technical Implementation
We have a short document, "InCommon Basics and Participating in InCommon," that includes a Federated Identity Management Checklist. If you are new to InCommon or to federated identity, this is a good place to start. This booklet includes information on the following topics:
- Review your practices and publish your POP
- Install/configure SAML 2.0 compliant federating software
- Support the eduPerson Schema
- Configure IdP attribute resolver for the appropriate sources
- Configure the IdP to release the right attributes
SAML
Clicking on the first bullet takes you to the "What is SAML" page. From this page, you will find links and child pages covering the subsidiary topics.
- What is SAML?
- Benefits of SAML2
- IdP Support for SAML2
- SAML 2.0 FAQ
- SAML 2.0 profiles
- SP Support for SAML2
- SP Testing for SAML2
Starting with InCommon
- Supported software
- Shibboleth installation guides
- Shibboleth installation training
- Testing your IdP
- Testing your SP
- Naming and establishing your EntityID
- Registering your system in the federation: metadata
- Establishing your primary DNS domain
Identity Attributes
Federation Manager
Metadata
- General Information
- Metadata administration
- Federation Manager
- IdP Metadata Elements
- SP Metadata Elements
- InCommon Extension Schema
- Contacts in Metadata
- Endpoints in Metadata
- Entity IDs
- Error Handling URL
- New IdPs in Metadata
- Scope in metadata
- X.509 certificates in metadata
- Metadata consumption
- User interface elements
Discovery
- General Information
- Configuring metadata for discovery
- Configuring Shibboleth for InCommon Discovery Service
Advanced
Recommended Practices
The InCommon community has developed a set of recommended practices for many aspects of federation practice. You can navigate to the Recommended Practices page for these and other topics:
- Organizational Presence
- Participant Operational Practices (POP)
- Contacts in Metadata
- Federated Security Incident Response
- Technical Basics
- Metadata consumption (refreshed daily)
- Scope in Metadata (DNS domain controlled by SP)
- X.509 certificates in metadata
- SAML protocol endpoints
- User Interface elements in metadata (IdP and SP)
- Requested attributes in metadata
- Operational Maturity
- Maintaining supported software
- Federation user experience
- Maximizing the Federation
- Identity Provider attribute release process
- Persistent identifier support
Research and Scholarship Category
Categories of service providers offer a way to simplify configurations and better scale the federation. The Research and Scholarship wiki includes information about these topics:
- What is the Research and Scholarship category?
- Candidate services
- Requirements for R&S service providers
- R&S category attributes
- Application to join the R&S category
- Policy considerations for IdPs
- FAQ for IdPs