Skip to content Skip to site navigation Skip to service navigation

Set Up an InCommon SP

Registration

Onboarding InCommon SP requires more information (than spdb) and you would also need Stanford InCommon SiteAdmin to submit the registration for you. 

Prepare for InCommon UI Components

  1. DisplayName
  2. Description
  3. InformationURL
  4. PrivacyStatementURL
  5. Logo URL
  6. Logo Width x Height (pixels)

References, see InCommon SP User Interface Elements in Metadata.

Option to export to eduGAIN (in addition to InCommon)

  • Default is No

Review Baseline Expectation

  1. All InCommon SPs are expected to meet Baseline Expectation. Read it and ensure your SP is compliant.
  2. Test your server against ssllabs. You need to have a score of A or better.

File a SNOW Ticket to register your SP in InCommon

  1. Provide the metadata URL of SP that we can pull from; or attach your metadata in the ticket. The SAML encryption certificates must be present in your metadata. InCommon Federation does not accept SPs without.

  2. Update Stanford InCommon entityID, urn:mace:incommon:stanford.edu (ex: urn:mace:incommon:stanford.edu ) as IDP entityID for your SP.

Verify your SP metadata has been published

  1. You can download the entire InCommon aggregates, which is usually updated once a day. (Warning, the file size is around 80MB+).

  2. Or use the scripts/mdq_url to query your SP metadata.

ex: scripts/mdq_url.sh [entityid]

$ scripts/mdq_url.sh https://stanford.zoom.us

Sample Configuration

Metadata or MDQ

  1. See InCommon Configure Shibboleth service provider for more details
  2. A quick example shibboleth2.xml

Shibboleth Embedded Discovery Services

  1. See Shibboleth EDS
  2. A quick example shibboleth-eds config

A Sample SP

Last modified August 16, 2024