InCommon Metadata, CA, and WAYF

Response Time and Hours of Operation

Metadata

InCommon metadata is located here:
http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml

Note: The metadata carries an expiration date (validuntil) and will expire monthly. We strongly recommend that you download the metadata at least daily to ensure that you have the most up-to-date keys and registered information.

InCommon SAML2 Support

InCommon has added support for SAML2. This is our initial support for SAML2. We plan to roll out additional SAML2 support as time goes on. An FAQ is available on the InCommon Collaborate wiki.

InCommon Attribute Support

InCommon supports eduPerson attributes. For more information, see the InCommon attribute overview page, as well as a summary of the attributes InCommon supports (at a minimum).

Metadata Submission List

(* indicates a required item.)
Submit your metadata through the Administrative Login (see "Site Admin" link in the left nav)

Metadata for Identity Provider systems (IdP)
• Top Domain Name*
• URL of Single Sign On Service*
• URL of Artifact Resolution Service
• URL of Attribute Authority Service*
• URL of Error Page
• KeyName (CN of your selected Digital Certificate)*
• Technical contact name and email address*
• Administrative and/or Support contacts

Metadata for Service Provider systems (SP)
• EntityID* (Must be both unique and meaningful)
• Assertion Consumer Service: Type (post, artificat) and URL*
• KeyName (CN of your selected Digital Certificate)*
• Technical contact name and email address*
• Administrative and/or Support contacts

InCommon Certificate Authority

InCommon accepts self-signed server certificates. As of January 2010, InCommon no longer issues certificates signed by the InCommon CA. See this wiki page for more information.

The metadata signing certificate:
https://wayf.incommonfederation.org/bridge/certs/incommon.pem

The InCommon CA root certificate:
https://wayf.incommonfederation.org/bridge/certs/ca.pem

Certificate Revocation Lists:
http://incommoncrl1.incommonfederation.org/crl/eecrls.crl
http://incommoncrl2.incommonfederation.org/crl/eecrls.crl

Server Cert Profile from the CP/CPS (pdf)

CSRs (Certificate Signing Requests) will be processed and e-mailed to the Administrative within one Internet2 business day. The certificate will be in PEM format to be used for participation in the Federation. Submit CSRs using the Site Admin Login.

The InCommon WAYF

The preferred method for accessing the InCommon WAYF ("Where are You From?") servers is via its DNS name – https://wayf.incommonfederation.org/InCommon/WAYF – rather than by numeric IP address. DNS resolution is preferable since there are two InCommon WAYF servers, a primary server and a backup server. At the discretion of InCommon, either server may be designated as primary. If needed for other reasons, the IP addresses for the InCommon WAYFs are: 192.148.244.135 and 207.75.165.125

This page last updated December 18, 2009.

Email any questions to: incommon-admin@incommonfederation.org
© Copyright 2010 InCommon, LLC. All Rights Reserved. InCommon is operated by Internet2.
Participation in InCommon is separate and distinct from membership in Internet2.