Register a SAML Service Provider (SP) with InCommon

A knowledge base article about Register a SAML Service Provider (SP) with InCommon provided by the UC Berkeley IT Service Hub - Knowledge Portal

Background

If you want to allow other universities or research entities to access your application via federated authentication, you can publish your application (Service Provider) with the InCommon Federation.  You do not need to request registration with InCommon if you are only authenticating UC Berkeley affiliates (or sponsored guests).

Onboarding an InCommon SP requires that you have a working SSO integration using SAML.  Common scenarios include using the Shibboleth SP or SimpleSAMLphp client with your application.

Steps

Collect the information listed below and open a ticket with calnet-admin@berkeley.edu.  An InCommon site admin will verify your data and reach out if they have questions.

  1. The name and email address of the following designated SP contacts. We strongly recommend providing at least one contact of each type and using email lists or aliases read by a group instead of individual email addresses:
    • Technical contact - for direct communication between InCommon participants regarding technical issues (Required)
    • Administrative contact - for direct communication between InCommon participants regarding non-technical issues (Required)
    • Security contact - for direct communication between InCommon participants regarding security matters (Required)
    • Support contact - for end-user technical support (Recommended)
  2. A user-friendly display name for your SP. (Required)
  3. A brief description (140 characters or less) of the service your SP provides. (Recommended)
  4. A URL where someone can go to read more about your service. (Recommended)
  5. A URL for an online privacy statement. UC Berkeley SPs should generally use the official Privacy Statement for UC Berkeley Websites. (Required)
  6. A URL for a logo that represents your service (must be an https URL). Please provide the width and height (pixels) of your logo. (Required) Logo guidelines:
    • Have a transparent background
    • Have a landscape orientation (width > height)
    • Have a minimum width of 100 pixels
    • Have a minimum height of 75 pixels and a maximum height of 150 pixels (or the application will scale it proportionally)
  7. If you will be using the Centralized Discovery Service software (WAYF/IdP chooser) or another discovery service that uses the IdP discovery protocol, please include your "DiscoveryResponse" endpoint(s).
  8. Indicate whether your SP will require any of the following attributes to be released from InCommon IdPs. Select up to six. (Recommended):
    • common name (cn)
    • displayName
    • eduPersonAffiliation
    • eduPersonEntitlement
    • eduPersonPrincipalName (ePPN)
    • eduPersonScopedAffiliation
    • eduPersonTargetedID (ePTID)
    • givenName
    • mail
    • organizationName (o)
    • surname (sn)
  9. Your SP metadata file (Required)
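
A pre-submission self-check for the checklist above, added here as an example (it is not UC Berkeley's or InCommon's tooling). It assumes your SP metadata file already carries the contacts and the MDUI display elements, and that the security contact follows the REFEDS contactType convention; `check_sp_metadata` and the sample metadata are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
# Assumed REFEDS convention: a security contact is contactType="other" plus this attribute.
REMD_TYPE = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"

def check_sp_metadata(xml_text):
    """Return checklist problems found in SP metadata; an empty list means none flagged."""
    root, problems = ET.fromstring(xml_text), []
    kinds = {"security" if c.get(REMD_TYPE) == SECURITY else c.get("contactType")
             for c in root.findall("md:ContactPerson", NS)
             if c.findtext("md:EmailAddress", "", NS).strip()}
    for kind in ("technical", "administrative", "security"):
        if kind not in kinds:
            problems.append(f"missing required {kind} contact")
    for tag in ("DisplayName", "PrivacyStatementURL"):
        if not root.findtext(f".//mdui:{tag}", "", NS).strip():
            problems.append(f"missing required mdui:{tag}")
    if len(root.findtext(".//mdui:Description", "", NS).strip()) > 140:
        problems.append("description longer than 140 characters")
    logo = root.find(".//mdui:Logo", NS)
    if logo is None:
        problems.append("missing logo")
    else:
        w, h = int(logo.get("width", 0)), int(logo.get("height", 0))
        if not (logo.text or "").strip().lower().startswith("https://"):
            problems.append("logo URL is not https")
        if w < 100 or w <= h or not 75 <= h <= 150:
            problems.append(f"logo {w}x{h} is outside the guidelines")
    if len(root.findall(".//md:RequestedAttribute", NS)) > 6:
        problems.append("more than six requested attributes")
    return problems

# Constructed sample: no security contact, no privacy URL, http logo in portrait 80x200.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://sp.example.edu/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:Extensions><mdui:UIInfo>
   <mdui:DisplayName xml:lang="en">Example Research Portal</mdui:DisplayName>
   <mdui:Logo width="80" height="200">http://sp.example.edu/logo.png</mdui:Logo>
  </mdui:UIInfo></md:Extensions>
 </md:SPSSODescriptor>
 <md:ContactPerson contactType="technical"><md:EmailAddress>mailto:sp-tech@example.edu</md:EmailAddress></md:ContactPerson>
 <md:ContactPerson contactType="administrative"><md:EmailAddress>mailto:sp-admin@example.edu</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""

print(check_sp_metadata(SAMPLE))
```

Only the items marked Required and the numeric limits are checked; recommended items such as the description are validated only when present.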