Add Identity Provider

Required Steps

1. For your identity provider (IdP) to appear in the list at https://cilogon.org, please register your IdP with InCommon or another eduGAIN member federation. Alternatively, please contact us about an Essential Service or Full Service subscription to register your IdP directly with CILogon. (Note that CILogon also supports Google, GitHub, ORCID, and Microsoft identity providers for users from organizations without a registered IdP.)

2. For your IdP's users to successfully authenticate to CILogon, please release a subject-id and/or eduPersonPrincipalName attribute to CILogon that uniquely identifies the authenticated user.

3. Please test authentication to CILogon using your IdP at https://test.cilogon.org/testidp/.

Recommended Steps

For improved access and ease-of-use for your IdP's users, please also complete the following recommended steps:

4. Please configure your IdP to support the personalized entity category and/or the research and scholarship entity category to provide basic user attributes to CILogon. Some CILogon integrations require IdPs to include the http://refeds.org/category/research-and-scholarship tag in metadata. See: InCommon R&S Documentation

5. Please ensure that your IdP conforms to the Security Incident Response Trust Framework for Federated Identity (Sirtfi). Some CILogon integrations require IdPs to include the https://refeds.org/sirtfi tag in metadata. See: InCommon Sirtfi Documentation

6. Please configure your IdP to support REFEDS Assurance. Some CILogon integrations require IdPs to include an AuthnContextClassRef containing https://refeds.org/profile/mfa to indicate that the user performed multi-factor authentication. Also, the CILogon Silver CA requires an eduPersonAssurance value of "https://refeds.org/assurance/profile/cappuccino" and an AuthnContextClassRef containing https://refeds.org/profile/sfa or https://refeds.org/profile/mfa. If these eduPersonAssurance and AuthnContextClassRef values are not present, CILogon will issue certificates from the CILogon Basic CA instead. See the CILogon Silver FAQ for details.

Additional Details

CILogon's entityID is "https://cilogon.org/shibboleth". CILogon's SAML metadata can be downloaded from InCommon at: https://mdq.incommon.org/entities/https%3A%2F%2Fcilogon.org%2Fshibboleth 

Questions? Please see our FAQ or contact us at help@cilogon.org.