XSEDE InCommon Identity Provider

XSEDE InCommon Identity Provider

XSEDE's InCommon Identity Provider (IdP) idp.xsede.org allows XSEDE users to sign in to web sites that are part of the InCommon Federation (for example, GENI and ORCID) using their XSEDE accounts. This capability is especially useful for users who do not have an existing InCommon IdP provided by their home institution.

When signing in to a service that supports InCommon IdPs, first try using your home institution's IdP. If that option isn't available, choose XSEDE from the list of IdPs to sign in with your XSEDE account. Your web browser will be redirected to idp.xsede.org to complete the sign-in operation. The XSEDE IdP will prompt for Duo authentication. If you are not enrolled with Duo, you will be prompted to set up Duo. See Multi-Factor Authentication with Duo for an example walk-through. As always, you should only enter your XSEDE password on xsede.org sites.

The XSEDE IdP implements optional single sign-on (SSO), meaning that if you have already authenticated at idp.xsede.org recently, you will not be prompted again for your password. To disable SSO for idp.xsede.org, check the "Don't Remember Login" checkbox so that you will be prompted to sign in next time. If you did not check the "Don't Remember Login" checkbox and would like to be prompted to sign in to idp.xsede.org, you can do so by clearing your browser cookies for idp.xsede.org.

XSEDE's InCommon IdP conforms to the standards set by the REFEDS Research and Scholarship and REFEDS Security Incident Response Trust Framework for Federated Identity for global interoperability.

Frequently Asked Questions (FAQs)

Q: What SAML attributes are released by idp.xsede.org?

A: The XSEDE Identity Provider (IdP) releases the following Research & Scholarship (R&S) attributes to all Service Providers (SPs).

  • eduPersonPrincipalName (ePPN)
  • eduPersonTargetedID (ePTID)
  • eduPersonAssurance
  • displayName
  • givenName
  • sn (surName)
  • mail

See InCommon Federation Attribute Overview for more information.

Q: Does idp.xsede.org support command line clients?

A: Yes, Enhanced Client or Proxy (ECP) is supported by idp.xsede.org. Details of a sample Perl script for use with cilogon.org can be found at http://www.cilogon.org/ecp . If you have Duo authentication enabled for your account, your primary Duo authentication method will be invoked automatically (e.g., "auto push").

Key Points
XSEDE is a full InCommon member.
If your local institution does is not an InCommon member, you can use your XSEDE identity to access many federated resources.
Contact Information