Technical Requirements and Information
Supported Software
Organizations participating in InCommon must install and operate software systems that can interoperate with other participants. See the Software Guidelines for information on recommended software.
InCommon Deployment
The bulk of the work of configuring a Shibboleth IdP or SP is not specific to the federation(s) you are participating in, but there are various steps involved in making your deployment "InCommon-aware" once it's up and running. To get started, visit the Technical Guide on the InCommon Collaboration wiki.
Shibboleth software guides are also available:
- Shibboleth installation guides and general support
- Shibboleth Deployment Guide for The Ohio State University
Testing
Test your Identity Provider configuration by visiting the InCommon Test Service Web page (a Shib 1.3 SP).
There are at least two ways to test your Service Provider.
Participant Operating Practices
Federation participants must provide InCommon with a link to their practices as described in the Participant Operating Practices (POP). Download the template [doc] [html].
Your EntityID
Getting ready to start the federating process? The technical guide on the InCommon-Collaborate wiki provides important information about things to consider concerning your EntityID.
Registering Your Systems in Federation: Metadata
It's fairly simple to activate a resource (SP) or identity management system (IdP) in the federation. All Participants' Administrators (as designated by your Executive) have access to the site admin management interface. InCommon's hours of operation are noted for your planning and convenience.
Data for SPs: Entity ID; Assertion Consumer Service Endpoints: Type (post/artifact) and URL; KeyName; and Contacts (support, technical, administrative).
Data for IdPs: Error URL; URL and KeyName for Single Sign On Service; URL and KeyName for Attribute Service; and Contacts (support, technical, administrative).
For detailed information on InCommon metadata and the InCommon WAYF ("Where Are You From?") service, please see the Metadata page.
Identity Attributes
For information regarding the attributes InCommon recommends, please visit the Attributes page.
InCommon Operations Reference
InCommon is responsible for the operation of a number of technology platforms, including a Web server, the WAYF server, and a certificate authority (CA). InCommon operates its own X.509 v3 certificate authority, issuing server certificates for use within InCommon. InCommon also operates a redundant WAYF server. The WAYF does not preclude a Sponsored Partner from operating its own WAYF, which might, for example, list only those Higher Education Institutions with which it has an operating agreement.
Operation of the technical infrastructure is described generally in the FOPP (see policy page) and the following documents. These documents are made available for evaluation by participating organizations to establish trust in the secure operations of the InCommon Federation.
- InCommon Technical Operations
- Hours of Operation
- For customer support, certificate issuance, and metadata updates
- InCommon Federation Infrastructure Technical Reference ver 0.22 [HTML] [PDF]
- Describes the system to manage the InCommon federation infrastructure.
- InCommon Technical Operations steps ver 0.43 [HTML] [PDF]
- Description of the steps that will be taken to operate the Certificate Authority.
- InCommon Federation Disaster Recovery Procedures ver 0.12 [HTML] [PDF]
- Description of the disaster recovery procedures for the Federation infrastructure.
- InCommon Certificate Authority (CA) Operations
- InCommon CA PKI-Lite CP & CPS v1.0 [PDF] [older versions]
- Certificate Renewal and Updating v1.0 [PDF]
- InCommon CA Technical Reference ver 0.43 [HTML] [PDF]
- Describes the system to manage the InCommon Certificate Authority.
- InCommon CA Disaster Recovery from root key compromise ver 0.31 [HTML] [PDF]
- Description of the steps that will be taken if the root key of the Certificate Authority, metadata signing key, or the secure database is compromised.
- InCommon CA Audit Log ver 0.42 [HTML] [PDF]
- Description of the paper audit log for accessing the Certificate Authority.
- InCommon CA Disaster Recovery Procedure ver 0.16 [HTML] [PDF]
- Description of the disaster recovery steps that will be used in case of failure of the Certificate Authority hardware.
- InCommon CA Revoke Process ver 0.11 [HTML] [PDF]
- Documents the current process for revoking a certificate for a federation participant.