InCommon Federation is an identity management federation operator for U.S. education and research institutions. It provides a common framework for trusted, shared management of access to online resources. InCommon uses SAML-based authentication and authorization systems for scalability and trusted collaboration among its community of participants.
Users are able to access federation services using a single user account and password. Affiliated users can employ the user IDs assigned to them by their home universities to access and use numerous services instead of having to maintain and use different accounts.
miniOrange provides a Single Sign-On solution with InCommon Federation for your WordPress site. With it, your site can be integrated with InCommon Federation, and your users will be able to access your site using the credentials of their InCommon-registered institution.
How does the miniOrange SAML 2.0 Single Sign-On Plugin work with InCommon Federation?
Our plugin works in this way:
- First, the user clicks on the Login with InCommon button. This redirects them to InCommon's discovery service, where the user selects their home institution.
- The discovery service sends some information to the plugin (the plugin uses this information to identify which institution the user selected).
- The plugin creates a SAML Authentication request and sends it to the Identity Provider associated with the selected institution.
- The user sees their institution's login page. After successful authentication with their institution, the user is redirected and logged in to the WordPress website.
- In the my.cnf/my.ini file of your server, increase the max_allowed_packet value so that it is larger than the size of the metadata file. (Since the InCommon IDP-only metadata file is 26M, you can set the max_allowed_packet value to 30M.)
- For large metadata files (greater than 2M), use the metadata URL. File upload won't work for large files.
Configure the InCommon Federation
- You need to provide the miniOrange entityID to the InCommon discovery service so that the discovery service can recognize requests coming from the miniOrange plugin. The entityID for the miniOrange plugin can be found in the Service Provider Metadata tab of the plugin.
- You can also provide the SP metadata to the InCommon discovery service. It can be downloaded from the metadata URL given in the Service Provider Metadata tab.
- After this, your users will be able to log in to your site through their respective universities using the miniOrange plugin.
Attribute / Role Mapping
- Using the Attribute/Role Mapping tab, you can assign different roles to different users and also map the attributes received from the IDP.
- You can configure IDP-specific mapping as well as IDP-wide mapping using the Default Mapping option.
InCommon Federation - SSO Authentication Flow
- After configuring the plugin, you should see the Login with InCommon button on the WordPress login page. Click this button to be redirected to the InCommon discovery service.
- In the InCommon discovery service, select your home institution and click the next button.
- You will be redirected to the selected institution's login page for authentication.
- After successful authentication, you will be redirected and logged in to the WordPress site.
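What happens between the discovery service and the institution's login page in the flow above, as an added Python sketch (not miniOrange's plugin code): the service provider accepts the returned entityID only if it appears in the trusted federation metadata, then builds a SAML AuthnRequest and encodes it for the HTTP-Redirect binding. The URLs and entity IDs are constructed sample values, and `entityID` is assumed as the return parameter because it is the default in the SAML Identity Provider Discovery Service Protocol.

```python
import base64, secrets, zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.sax.saxutils import escape, quoteattr

# Constructed sample values; a real deployment reads these from the
# InCommon metadata and the plugin's Service Provider Metadata tab.
SP_ENTITY_ID = "https://wp.example.org/sp"
SP_ACS_URL = "https://wp.example.org/?acs"
TRUSTED_IDPS = {  # entityID -> HTTP-Redirect SSO endpoint
    "https://idp.university-a.example/idp/shibboleth":
        "https://idp.university-a.example/idp/profile/SAML2/Redirect/SSO",
}

def selected_idp(return_url):
    """Read the entityID the discovery service appended to the return URL
    and accept it only if it is present in the trusted metadata."""
    values = parse_qs(urlsplit(return_url).query).get("entityID", [])
    if len(values) != 1 or values[0] not in TRUSTED_IDPS:
        raise ValueError("discovery response names no trusted IdP")
    return values[0]

def build_authn_request(idp_entity_id):
    """Return (request_id, xml) for an AuthnRequest addressed to the IdP."""
    # The ID is kept server-side so the response's InResponseTo can be matched.
    request_id = "_" + secrets.token_hex(16)
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" '
        f'ID={quoteattr(request_id)} IssueInstant="{issue_instant}" '
        f'Destination={quoteattr(TRUSTED_IDPS[idp_entity_id])} '
        f'AssertionConsumerServiceURL={quoteattr(SP_ACS_URL)}>'
        f'<saml:Issuer>{escape(SP_ENTITY_ID)}</saml:Issuer></samlp:AuthnRequest>'
    )
    return request_id, xml

def redirect_url(return_url):
    """Full hop: discovery response -> HTTP-Redirect binding URL at the IdP."""
    idp = selected_idp(return_url)
    request_id, xml = build_authn_request(idp)
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, f"{TRUSTED_IDPS[idp]}?{query}"
```

Rejecting an entityID that is absent from the loaded metadata keeps a tampered discovery response from steering the request to an unregistered Identity Provider.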
If you don't find what you are looking for, please contact us at firstname.lastname@example.org or call us at +1 978 658 9387 to find an answer to your question about InCommon Federation.