CILogon and SAML ECP

Post date: Jul 28, 2011 9:11:01 PM

The CILogon Service ( now supports SAML ECP for non-browser applications. Until now, obtaining a certificate from CILogon required a web browser, because CILogon supported only browser-based authentication (via SAML or OpenID). Once downloaded, the certificate from CILogon could be used outside the browser, but forcing users to use a browser to obtain their certificate can introduce unnecessary complexity. The SAML ECP profile enables standard, non-browser federated authentication to CILogon, for those SAML identity providers that support it. Currently, very few InCommon campus identity providers support SAML ECP, but the CILogon project is working to encourage its adoption. In the meantime, SAML ECP is being evaluated by identity providers operated by research projects, including LIGO, LTER, and Bamboo, so researchers can use their project-based logins for command-line authentication. For more information about CILogon and ECP, please visit