Registering as an SP in InCommon Federation
-
Is it possible to integrate as an SP using FusionAuth with IdPs that are in the InCommon Federation?
-
Hiya,
I'm not aware of this configuration. However, many FusionAuth folks use the software without ever talking to us, so I'm not aware that this would not work either.
I'd suggest downloading and giving it a try. From a brief web search, it looks like In Common doesn't work with OIDC just yet (I saw some draft specs). But FusionAuth also works with SAML and it looks like In Common supports that.
Useful links: https://spaces.at.internet2.edu/display/federation/Federation+references
Setting up FA as a SAML SP: https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/
Lambdas to reconcile user attributes: https://fusionauth.io/docs/v1/tech/lambdas/samlv2-response-reconcile
Hope this helps. If you have more specific questions, please let us know.
-
@dan Thanks for the fast reply. I am actively experimenting with FusionAuth. I am impressed with it and was able to integrate with a SAML IdP easily.
The InCommon Federation is a collection of SAML metadata between trusted partners. What I have found is that each IdP added to FusionAuth generates it's own entityId. There is no way for one FusionAuth SP entityId to be registered with InCommon that multiple IdPs can use.
-
Thanks for experimenting. Is this an issue with FusionAuth or is this an issue with InCommon or some combination? Can you point me to any documentation that would help me learn more?
If there is a specific behavior that FusionAuth needs to implement to work with InCommon, we'd love to hear about it. Please add more detail here or file an issue on our GitHub repo: https://github.com/fusionauth/fusionauth-issues/issues
-
Looks like you added an issue: https://github.com/FusionAuth/fusionauth-issues/issues/668
Thanks!
