Shibboleth via InCommon Federation
To authenticate using BearID (Baylor’s network ID), ITS requires a federated authentication through the InCommon Federation. Baylor will utilize Shibboleth for authentication. Below are specific aspects of Shibboleth through InCommon authentication:
- The vendor must be a member of the InCommon federation.
- The vendor partner must publish their service provider metadata into the InCommon metadata listing.
- Baylor will only pass BearID (InCommon attribute cn) and email address as attributes. Other attributes are available upon request, but are subject to approval by ITS.
- The attributes exchanged should be reviewed and approved specifically before implementation.
- Timelines for the project will need to be established in consideration of this authentication implementation requirement and the personnel resources required from both Baylor ITS and the vendor partner.
- If needed, Baylor recommends Unicon.net as a potential consulting partner for service provider Shibboleth/InCommon implementation projects.
Because Baylor requires InCommon Federation membership for its Shibboleth authentication implementation, Baylor will sponsor vendors selected as university partners into the InCommon Federation. The following information must be provided for inclusion in the sponsorship letter:
- Partner Executive Contact Name (and Title)
- Partner Executive Contact E-Mail
- Sponsored Partner's URL
The vendor partner must provide Baylor with the following:
- entityID of their Service Provider
- technical contact to work with Baylor ITS staff member on the Shibboleth/InCommon implementation
Baylor’s Shibboleth Information:
iDP entityID: https://shibboleth-2.baylor.edu/idp/shibboleth
iDP Login URL: https://shibboleth-2.baylor.edu/idp/profile/SAML2/Redirect/SSO
iDP metadata: Available within the InCommon metadata. Any future changes will be reflected in that location.