Federated Authentication
InCommon Federated Authentication
UF hosts several web applications that are registered as Research and Scholarship (R&S) Entities with the InCommon Federation (Research and Scholarship Category – InCommon). This registration allows us to provide federated login, so that non-UF individuals can authenticate to certain UF applications using credentials from their home institution.
For federated authentication to work, the home institution's SSO Identity Provider (IdP) must be configured to release the standard set of attributes that REFEDS lists (Research and Scholarship FAQ – Entity-Categories – REFEDS wiki) to any Service Provider (SP) that has the R&S attribute through InCommon. InCommon provides a useful guide (Identity provider – support Research and Scholarship – InCommon Federation – Internet2 Wiki) for configuring your IdP to provide this functionality.
In addition to the R&S attributes, we require that multi-factor authentication (MFA) be performed when logging in to our Research and Scholarship applications. This is enforced by including the REFEDS MFA Profile (Introducing the REFEDS MFA Profile – Profiles – REFEDS wiki) as part of the authentication request our SP sends to the IdP, and then rejecting any response that does not include an MFA declaration. Please review the InCommon guide (Supporting the REFEDS MFA Profile) for supporting the REFEDS MFA Profile.
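The SP-side check described above, sketched as an added example (not UF's or InCommon's code): it builds the RequestedAuthnContext carrying the REFEDS MFA Profile identifier and rejects a response whose AuthnStatement does not declare it. The function names and sample responses are constructed for illustration, and the response signature is assumed to have been validated already.

```python
import xml.etree.ElementTree as ET

REFEDS_MFA = "https://refeds.org/profile/mfa"  # REFEDS MFA Profile identifier
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def build_requested_authn_context() -> str:
    """Element the SP adds to its AuthnRequest to ask the IdP for MFA."""
    # Comparison="exact" is the SAML default, written out here for clarity.
    rac = ET.Element(f"{{{NS['samlp']}}}RequestedAuthnContext", {"Comparison": "exact"})
    ET.SubElement(rac, f"{{{NS['saml']}}}AuthnContextClassRef").text = REFEDS_MFA
    return ET.tostring(rac, encoding="unicode")

def mfa_declared(response_xml: str) -> bool:
    """True only if every AuthnStatement in the response declares REFEDS MFA.

    Assumes the response signature was already validated; an unsigned
    AuthnContextClassRef proves nothing.
    """
    root = ET.fromstring(response_xml)
    statements = root.findall(".//saml:Assertion/saml:AuthnStatement", NS)
    if not statements:
        return False  # no authentication statement, so no MFA declaration
    for stmt in statements:
        ref = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", NS)
        if ref is None or (ref.text or "").strip() != REFEDS_MFA:
            return False  # IdP ignored the request or used a weaker context
    return True

def sample_response(class_ref=None) -> str:
    """Constructed, minimal response; real ones carry signatures, issuer, etc."""
    stmt = ""
    if class_ref:
        stmt = ("<saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>"
                f"{class_ref}</saml:AuthnContextClassRef></saml:AuthnContext>"
                "</saml:AuthnStatement>")
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f"<saml:Assertion>{stmt}</saml:Assertion></samlp:Response>")

PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

if __name__ == "__main__":
    print(build_requested_authn_context())
    for label, ref in (("mfa", REFEDS_MFA), ("password", PASSWORD), ("none", None)):
        verdict = "accept" if mfa_declared(sample_response(ref)) else "reject"
        print(f"{label:9s} -> {verdict}")
```

An IdP that authenticates with a password only and returns PasswordProtectedTransport is rejected here, as is a response with no AuthnStatement at all.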
Resources
- Research & Scholarship FAQ
- How can you configure the IdP to support Research & Scholarship
- REFEDS MFA Profile FAQ
- How can you configure the IdP to support the REFEDS MFA profile
Assistance
If you have any further questions or need more assistance, please reach out to Identity-Services@it.ufl.edu.
