InCommon Federation Single Sign On (SSO)
InCommon Federation is an identity management federation operator for U.S. education and research institutions. It provides a common framework for trusted shared management to access online resources. InCommon uses SAML-based authentication and authorization systems for scalability and trusted collaborations among its community of participants.
Users are able to access federation services using a single user account and password. Affiliated users can employ the user IDs assigned to them by their home universities to access and use numerous services instead of having to maintain and use different accounts.
SLX Connect provides Single Sign-On solution with InCommon Federation on your WordPress site. Using this, your site can be integrated with InCommon Federation and your users will be able to access your site using their InCommon registered institution's credentials.
How SLX Connect SAML 2.0 Single Sign-On Plugin works with InCommon Federation?
Our Plugin works in this way:
- First, the user clicks on Login with InCommon button. This will redirect them to InCommon's discovery service, using which the users can select their home institutions.
- The discovery service sends some information to the plugin(This info is used by the plugin to identify which Institution was selected by the user).
- The plugin creates a SAML Authentication request and sends it to the Identity Provider associated with the selected institution.
- The user can see their institution's login page. After successful authentication with their institution, the user gets redirected and logged in to the Wordpress website.
- In the my.cnf/my.ini file of your server, increase the max_allowed_packet value such that it would be more than the size of the metadata file. (Since the InCommon IDP-only metadata file is of 26M, you can set the max_allowed_packet value to 30M)
- For large metadata files(greater than 2M), use the metadata URL. File upload for large files won’t work.
Configure the plugin
- After activating the plugin with your license key, go to the Service Provider Setup tab.
- Click on Upload Multiple IDPs button to upload multiple IDPs from a single metadata file.
- You can choose either a file or URL to upload the metadata.
- For large metadata files, the upload process may take some time. After successful completion of the upload process, you should be able to see all the IDPs listed.
NOTE: For large files, use the metadata URL. For updating the InCommon metadata file, copy the following link in the Enter Metadata URL text box and click on Fetch Metadata button. Download the metadata from here.
Configure the InCommon Federation
- You need to provide the miniorange entityID to the InCommon discovery service so that the discovery service can recognize the requests coming from the SLX Connect plugin. The entityID for the SLX Connect plugin can be found in the Service Provider Metadata tab of the plugin.
- You can provide the SP metadata to the InCommon discovery service which can be downloaded from the metadata URL given in Service Provider Metadata tab.
- After this, your users will be able to login to your site with their respective universities using the SLX Connect plugin.
Attribute / Role Mapping
- Using the Attribute/Role Mapping tab, you can assign different roles to different users and also map their attributes received from the IDP.
- You can configure IDP specific mapping as well as IDP-wide mapping using the Default Mapping option.
InCommon Federation - SSO Authentication Flow
- After configuring the plugin, you should see the Login with InCommon button on the WordPress login page. Click on this button to redirect to the InCommon discovery service.
- From the InCommon discovery service, select your home institution and click on next button.
- You will be redirected to the selected institution's login page for authentication.
- After successful authentication, you will be redirected and logged in to the wordpress Replica Handbags site.