Technical Requirements and Information
Supported Software
Organizations participating in InCommon must install and operate software systems that can interoperate with other participants. See the Software Guidelines for information on recommended software.
InCommon Software Deployment Guides
InCommon-specific guides are available to aid in installing and configuring the Shibboleth software:
- InCommon Recommended server configurations for Identity Providers (IdPs)
- InCommon Recommended server configurations for Service Providers (SPs)
Shibboleth software guides are also available:
- Shibboleth installation guides and general support
- Shibboleth Deployment Guide for The Ohio State University
Testing
Test your Identity Provider configuration by visiting the InCommon Test Service Web page.
Participant Operating Practices
Federation participants must provide InCommon with a link to their practices as described in the Participant Operating Practices (POP). Download the template [doc] [html].
Registering Your Systems in Federation: Metadata
It's fairly simple to activate a resource (SP) or identity management system (IdP) in the federation. All Participants' Administrators (as designated by your Executive) have access to the site admin management interface. InCommon's hours of operation are noted for your planning and convenience.
Data for SPs: Provider ID, Assertion Consumer Service Endpoints: Type (post/artifact) and URL; KeyName; and Contacts (support, technical, administrative)
Data for IdPs: Error URL; URL and KeyName for Single Sign On Service; URL and KeyName for Attribute Service; and Contacts (support, technical, administrative)
For detailed information on InCommon metadata and the InCommon WAYF ("Where Are You From?") service, please see the Metadata page.
Identity Attributes
For information regarding the attributes InCommon recommends, please visit the Attributes page.
InCommon Operations Reference
InCommon is responsible for the operation of a number of technology platforms, including a Web server, the WAYF server, and a certificate authority (CA). InCommon operates its own X.509 v3 certificate authority, issuing server certificates for use within InCommon. InCommon also operates a redundant WAYF server. The WAYF does not preclude a Sponsored Partner from operating its own WAYF, which might, for example, list only those Higher Education Institutions with which it has an operating agreement.
Operation of the technical infrastructure is described generally in the FOPP (see policy page) and the following documents. These documents are made available for evaluation by participating organizations to establish trust in the secure operations of the InCommon Federation.
- InCommon Technical Operations
- Hours of Operation
- For customer support, certificate issuance, and metadata updates
- InCommon Federation Infrastructure Technical Reference ver 0.22 [HTML] [PDF]
- Describes the system to manage the InCommon federation infrastructure.
- InCommon Technical Operations steps ver 0.43 [HTML] [PDF]
- Description of the steps that will be taken to operate the Certificate Authority.
- InCommon Federation Disaster Recovery Procedures ver 0.12 [HTML] [PDF]
- Description of the disaster recovery procedures for the Federation infrastructure.
- InCommon Certificate Authority (CA) Operations
- InCommon CA PKI-Lite CP & CPS v1.0 [PDF] [older versions]
- Certificate Renewal and Updating v1.0 [PDF]
- InCommon CA Technical Reference ver 0.43 [HTML] [PDF]
- Describes the system to manage the InCommon Certificate Authority.
- InCommon CA Disaster Recovery from root key compromise ver 0.31 [HTML] [PDF]
- Description of the steps that will be taken if the root key of the Certificate Authority, metadata signing key, or the secure database is compromised.
- InCommon CA Audit Log ver 0.42 [HTML] [PDF]
- Description of the paper audit log for accessing the Certificate Authority.
- InCommon CA Disaster Recovery Procedure ver 0.16 [HTML] [PDF]
- Description of the disaster recovery steps that will be used in case of failure of the Certificate Authority hardware.
- InCommon CA Revoke Process ver 0.11 [HTML] [PDF]
- Documents the current process for revoking a certificate for a federation participant.