Federation Technical Guide

The Federation Technical Guide provides a convenient way to locate the details and documentation for implementing federated identity management with InCommon.

Precursors to Technical Implementation

We have a short document, "InCommon Basics and Participating in InCommon," that includes a Federated Identity Management Checklist. If you are new to InCommon or to federated identity, this is a good place to start. This booklet includes information on the following topics:

• Review your practices and publish your POP
• Install/Configure SAML 2.0 Compliant federating software
• Support the eduPerson Schema
• Configure IdP attribute resolver for the appropriate sources
• Configure the IdP to release the right attributes

Technical Implementation

Starting with InCommon

• Shibboleth installation guides
• Shibboleth installation training
• Testing your IdP
• Naming and establishing your EntityID
• Registering your system in the federation: metadata
• Establishing your primary DNS domain

Identity Attributes

• Attribute Overview
• eduPerson Schema

Federation Manager

• Getting credentials to access federation manager
• Using the federation manager

Metadata

• General Information

Advanced Topics

Recommended Practices

The InCommon community has developed a set of recommended practices for many aspects of federation practice. You can navigate to the Recommended Practices page for these and other topics:

• Organizational Presence
  • Participant Operational Practices (POP)
  • Contacts in Metadata
  • Federated Security Incident Response
• Technical Basics
  • Metadata consumption (refreshed daily)
  • Scope in Metadata (IdP)
  • x.509 certificates in metadata
  • SAML protocol endpoints
  • User Interface elements in metadata (IdP and SP)
  • Requested attributes in metadata
• Operational Maturity
  • Maintaining supported software
  • Federation user experience
• Maximizing the Federation
  • Identity Provider attribute release process
  • Persistent identifier support