Using InCommon
  • 26 Oct 2022
  • 1 Minute to read
  • Dark

Using InCommon

  • Dark

Article Summary

SAML 2.0 InCommon

InCommon Federation provides secure single sign-on access to services and global collaboration tools provided by educational institutions, research organizations, and commercial resource providers. This functionality is now available in RapidIdentity.

When creating a SAML 2.0 Federation partner (Configuration > Security > Identity Providers > Federation Partners), there is an option in the General menu to define whether the partner Is InCommon. Enabling this feature both activates the InCommon feature and defines how frequently the InCommon metadata is refreshed. InCommon sets up the metadata for users so that they can launch an app from any server from any other server once InCommon has been configured.
InCommon Expanded.png

Example Architecture

InCommon Flow.png

In this use case scenario, a researcher at an institution usually works in a building that uses Server 3, which contains Application 100. They are currently located in a building that uses Server 1. To access that application, the Server 3 sends a request to InCommon, which checks the existing service provider and application metadata to see whether this user is authorized to access that application. If the researcher is authorized, then the application launches.

The refresh rate configured on the InCommon Federation Partner defines how frequently this metadata is refreshed to reflect changes in any of the InCommon environments.


For InCommon SAML Federation Partner configurations, the two following attributes must be set:

  • eduPersonPrincipalName - this attribute must correspond to the name of the user
  • eduPersonScopedAffiliation - this attribute must correspond to the user's relationship to the institution (e.g., Student, Teacher, etc.)

Was this article helpful?