  1. Start at: Information for InCommon Site Administrators (https://www.incommon.org/federation/siteadmin.html)

  2. Click on "Federation Manager Login" in the left-hand panel

  3. Log in using your InCommon-issued Site Admin credentials

  4. When registering a new IdP, you need to:    
    1. Upload its signing certificate
    2. Use the Wizard to register a new IdP
  5. Upload signing cert
    1. Click on "X.509 Certificates (IdP Only)" in left-hand panel   


    2. Click on "Submit new X509 certificate (IdP only)" in main panel   
    3. (or you can review any signing certs you've already uploaded by clicking on "List of certificates (n)")

    4. Copy and paste the contents of your IdP's signing certificate into the form provided.
      1. If you are running Shibboleth IdPv3.x, this will be the certificate file that is listed as the value of the 'idp.signing.cert' property in the IdP's conf/idp.properties file. That file will be in the IdP's credentials directory, as either:
        1. credentials/idp.crt   or 
        2. credentials/idp-signing.crt
      2. If you are still running Shibboleth IdPv2.x, it will almost certainly be that first name above: credentials/idp.crt
      3. If you are running any other SAML IdP software (PortalGuard, Ellucian EIS/Ethos, etc.), it will be whatever certificate that software identifies as being the IdP's "Signing Certificate" or "Public Certificate".

    5. Check the "I understand and acknowledge that InCommon ..." box
    6. Click on the Review button

    7. You will get the Confirmation page.  Review and click on the Submit button if all looks good to you




  6. Register the IdP: You are now ready to register the IdP. An important thing to keep in mind is that, even though your IdP might support lots of different endpoints and features, it's usually better to register only the ones that you know may need to be used, and not define the other ones to InCommon. That doesn't mean the other endpoints "won't work", just that you don't advertise them to anyone else for now. If you need them later, you can revise/update your InCommon metadata.
    1. Click on "Identity Provider Metadata Wizard" in the left-hand panel (see screenshot for 5a above if needed)
    2. If you have kept your IdP's metadata up-to-date, then for a Shibboleth IdP, the file in the default location of /opt/shibboleth-idp/metadata/idp-metadata.xml will have the information you need when you are using the Wizard. If you are using another SAML IdP implementation, you'll have to look for the matching-type information from it.
    3. Assuming you haven't already registered an IdP (you can only register one), then after you click on "Identity Provider Metadata Wizard", you should get a page that looks similar to the following. (Since I already have registered an IdP, I can't go through the "new flow" myself.)


    4. The first key thing to enter is your IdP's entityID (I wouldn't bother using the Hostname field/IdP Server Software combo). The entityID can be found in several places, at least for the Shibboleth IdP. If you are looking at the metadata file for your IdP, it's in the top EntityDescriptor element, labelled as (e.g.) entityID="https://idp.campus.edu/idp/shibboleth". You will also find it listed as the value of the 'idp.entityID' property in the IdP's conf/idp.properties file.
    5. more
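
The certificate and entityID lookups from steps 5 and 6, as an added example that is not part of the original page or of any Shibboleth or InCommon tooling: it reads conf/idp.properties, resolves idp.signing.cert, and checks that the entityID and signing certificate agree with metadata/idp-metadata.xml before you paste them into the Federation Manager. The function names are hypothetical, and it assumes the default Shibboleth layout and the %{idp.home} placeholder in the property value.

```python
import base64, hashlib, re, sys
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def read_properties(path):
    """Parse simple key=value lines (the form idp.properties uses); skip comments."""
    props = {}
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def fingerprint(cert_text):
    """SHA-256 over the DER bytes; accepts PEM or the bare base64 used in metadata."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", cert_text)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def preflight(idp_home):
    """Return (entityID, signing cert path, cert fingerprint, problems found)."""
    home = Path(idp_home)
    props = read_properties(home / "conf" / "idp.properties")
    # Assumption: the property value starts with the %{idp.home} placeholder.
    cert_path = Path(props["idp.signing.cert"].replace("%{idp.home}", str(home)))
    cert_fp = fingerprint(cert_path.read_text())
    root = ET.parse(home / "metadata" / "idp-metadata.xml").getroot()
    problems = []
    if root.get("entityID") != props["idp.entityID"]:
        problems.append("entityID in idp-metadata.xml differs from idp.entityID")
    # A KeyDescriptor with no 'use' attribute is valid for signing as well.
    md_fps = {fingerprint(kd.findtext(".//ds:X509Certificate", "", NS))
              for kd in root.iterfind(".//md:KeyDescriptor", NS)
              if kd.get("use") in (None, "signing")}
    if cert_fp not in md_fps:
        problems.append("idp.signing.cert is not a signing key in idp-metadata.xml")
    return props["idp.entityID"], cert_path, cert_fp, problems

if __name__ == "__main__":
    # Default is the Shibboleth install location mentioned in step 6.
    home = sys.argv[1] if len(sys.argv) > 1 else "/opt/shibboleth-idp"
    entity_id, cert, fp, problems = preflight(home)
    print(f"entityID:     {entity_id}\nsigning cert: {cert}\nSHA-256:      {fp}")
    for p in problems:
        print("WARNING:", p)
    sys.exit(1 if problems else 0)
```

A warning means the local idp-metadata.xml is stale relative to idp.properties, so take the values for the Wizard from idp.properties and the certificate file rather than from the metadata file.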