Page tree
Skip to end of metadata
Go to start of metadata

On this page we provide a list of the technical requirement that a service provider's SAML implementation must meet in order to connect to the SURFsecureID gateway.

Sending the Authentication Request

To initiate a authentication the SP must send a SAML 2.0 AuthnRequest to the SingleSignOnService Location of the SURFsecureID gateway. This location can be found in the SAML 2.0 metadata for SURFsecureID Metadata for Service Providers.

  • The SP must send a SAML 2.0 AuthnRequest using the urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect binding. Other bindings are not supported.
  • The AuthnRequest must be signed using signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. Other signature algorithms are not supported
  • The AuthnRequest must not be encrypted

 

 

  • No labels