The InCommon TAC is evaluating the open identity provider service, idpopen.garr.it, against the requirements defined in the IdP of Last Resort WG's final report. Results so far include the following:
idpopen.garr.it meets the following MUST requirements today:
- Support for user self-registration (but see first bullet under 'some dev. work needed' below)
- Once a user has authenticated, an SSO session is established at the IdP
By joining InCommon and taking a set of procedural steps, idpopen.garr.it could also meet the following MUST requirements:
Some development work would be needed to meet the following MUST requirements:
- User registration incorporated into the sign-in flow, so that a new user is not stranded at the IdP. NOTE: If the user is a first-time registrant at UnitedId, the second factor issuance/registration process will not be instantaneous. In such cases, an appropriate SAML error message is returned to the SP, so the user is not stranded between the IdP and the SP but is returned to the SP, where the error can be handled gracefully.
idpopen.garr.it also meets the following desired conditions: