Community Review in progress!

This document contains DRAFT material intended for discussion and comment by the InCommon participant community. Comments and questions should be sent to the InCommon participants mailing list (participants@incommon.org).

Initial considerations for New IdPs

Before registering a new IdP in metadata, consider these important points:

  1. Identify at least two Site Administrators to administer IdP metadata
  2. Refresh and verify metadata at least daily (every hour if possible)
  3. Choose your entityID carefully
    1. a simple, generic name is best
      1. example: https://sso.example.edu/idp
    2. hostname must be rooted in your primary domain (e.g., example.edu)
    3. hostname need not match endpoint locations
  4. Choose your Scope carefully
    1. usually equal to your primary domain
    2. used to construct eduPersonPrincipalName
    3. avoid multiple Scopes in metadata
  5. Constrain your IdP's protocol support to the front channel
    1. do not support SAML1
    2. do not support attribute query
    3. do not support artifact resolution
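
One way to check an IdP's metadata entry against items 3 to 5 above before registering it, as an added example that is not InCommon's own tooling. The function name `check_idp_metadata`, the finding strings and the sample metadata are constructed for illustration; the input is assumed to be a single `EntityDescriptor` and the primary domain is assumed to be given in lowercase.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML2 = "urn:oasis:names:tc:SAML:2.0"
NS = {"md": SAML2 + ":metadata", "shibmd": "urn:mace:shibboleth:metadata:1.0"}
SAML1 = {"urn:oasis:names:tc:SAML:1.0:protocol",
         "urn:oasis:names:tc:SAML:1.1:protocol", "urn:mace:shibboleth:1.0"}

def check_idp_metadata(xml_text, primary_domain):
    """Return findings for one EntityDescriptor; an empty list means it passed."""
    entity, findings = ET.fromstring(xml_text), []
    # Item 3: the entityID hostname must be rooted in the primary domain.
    host = (urlparse(entity.get("entityID", "")).hostname or "").lower()
    if host != primary_domain and not host.endswith("." + primary_domain):
        findings.append(f"entityID host {host!r} is not rooted in {primary_domain}")
    # Item 4: one Scope (the same value repeated under both roles counts once).
    scopes = {s.text.strip() for s in entity.iter("{%s}Scope" % NS["shibmd"]) if s.text}
    if len(scopes) != 1:
        findings.append(f"expected exactly one Scope, found {sorted(scopes)}")
    elif scopes != {primary_domain}:
        findings.append(f"Scope {sorted(scopes)} differs from the primary domain")
    # Item 5: front channel only, so no SAML1 and no back-channel endpoints.
    roles = [r for r in entity if r.get("protocolSupportEnumeration")]
    if any(SAML1 & set(r.get("protocolSupportEnumeration").split()) for r in roles):
        findings.append("SAML1 protocol advertised")
    if entity.find(".//md:AttributeService", NS) is not None:
        findings.append("attribute query endpoint present")
    if entity.find(".//md:ArtifactResolutionService", NS) is not None:
        findings.append("artifact resolution endpoint present")
    return findings

# Constructed sample metadata (not a real IdP): SAML1 plus both back-channel endpoints.
LEGACY = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:shibmd="{NS['shibmd']}"
    entityID="https://sso.example.edu/idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol {SAML2}:protocol">
  <md:Extensions><shibmd:Scope regexp="false">example.edu</shibmd:Scope></md:Extensions>
  <md:ArtifactResolutionService index="1" Binding="{SAML2}:bindings:SOAP"
      Location="https://sso.example.edu:8443/idp/profile/SAML2/SOAP/ArtifactResolution"/>
  <md:SingleSignOnService Binding="{SAML2}:bindings:HTTP-Redirect" Location="https://sso.example.edu/idp/sso"/>
 </md:IDPSSODescriptor>
 <md:AttributeAuthorityDescriptor protocolSupportEnumeration="{SAML2}:protocol">
  <md:AttributeService Binding="{SAML2}:bindings:SOAP"
      Location="https://sso.example.edu:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
 </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for finding in check_idp_metadata(LEGACY, "example.edu"):
        print("FAIL:", finding)
```

The check only inspects what the entry advertises; it does not verify the signature on a federation metadata aggregate, which item 2 covers separately.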