Configuring InCommon Metadata
InCommon provides a metadata administration website at https://service1.internet2.edu/siteadmin/manage/.
CIS has already registered an IdP with InCommon for sso.brown.edu.
To register a new service provider with InCommon, you first obtain a certificate from InCommon and then register the SP with InCommon. This must be done for each service provider federated with InCommon. These are the steps:
Generate a Private Key for Service Provider
openssl genrsa -aes256 -out [sp name]_key.pem
Enter pass phrase
Verifying - Enter pass phrase
Generate a Certificate Signing Request (CSR) for Service Provider
openssl req -new -key [sp name]_key.pem -out [sp name]_csr.pem
Enter pass phrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Rhode Island
Locality Name (eg, city) []:Providence
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Brown University
Organizational Unit Name (eg, section) []:CIS
Common Name (eg, YOUR name) []:[sp name]
Email Address []:idm-shib-admin
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request a Certificate from InCommon for Service Provider
Copy the contents of the CSR file generated in the previous step, and paste it into the form at InCommon Certificates :: Submit New Certificate Signing Request (CSR). Only the CSR is submitted; the private key is never sent to InCommon. A human at InCommon will process the request and notify you when the certificate is ready. When it is ready, you can register a new service provider with InCommon (next step).
Register A New Service Provider with InCommon
Complete the form on the InCommon metadata administration website at Service Provider Metadata :: New Service Provider. Fill in the fields as follows:
Provider ID: https:
Contact Type: Technical
Contact Name: Shibboleth Administrator
Contact Email: idm-shib-admin
You may optionally enter administrative or support contacts for the service provider.
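Before the CSR from the steps above is pasted into the InCommon form, it can be checked against the private key and the intended service provider name. The shell function below is an added example, not part of the original procedure; the KEY_PASS environment variable and the 2048-bit minimum are assumptions of the example.

```shell
# Added example (not from the original page): sanity-check a key/CSR pair
# before the CSR is submitted.
# Usage: check_csr KEY_FILE CSR_FILE EXPECTED_CN
# Assumptions of this example: the key pass phrase is supplied in the KEY_PASS
# environment variable, and 2048 bits is the minimum acceptable RSA size.
check_csr() {
    key=$1; csr=$2; expected_cn=$3

    # 1. The CSR parses and its self-signature verifies. Older OpenSSL
    #    releases exit 0 even on failure, so match the "verify OK" message.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "FAIL: CSR self-signature does not verify" >&2; return 1; }

    # 2. The CSR carries the public half of this private key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) || {
        echo "FAIL: cannot read private key (wrong pass phrase?)" >&2; return 1; }
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ] || {
        echo "FAIL: CSR was not generated from $key" >&2; return 1; }

    # 3. The Common Name is the service provider name that will be registered.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$expected_cn" ] || {
        echo "FAIL: CN is '$cn', expected '$expected_cn'" >&2; return 1; }

    # 4. The key is large enough. The genrsa step is run without a size, so
    #    the result depends on the installed OpenSSL's default.
    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || {
        echo "FAIL: RSA key is ${bits:-unknown} bits, need >= 2048" >&2; return 1; }

    echo "OK: CN=$cn, ${bits}-bit key, signature and key match"
}
```

The function returns non-zero on the first failed check, so it can gate a submission script.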