This page lists the technical requirements that a service provider's SAML implementation must meet in order to connect to the SURFsecureID gateway.

Sending the Authentication Request

To initiate an authentication, the SP must send a SAML 2.0 AuthnRequest to the SingleSignOnService Location of the SURFsecureID gateway. This location can be found in the SAML 2.0 metadata for SURFsecureID (see Metadata for Service Providers).

  • The SP must send a SAML 2.0 AuthnRequest using the urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect binding. Other bindings are not supported.
  • The AuthnRequest must be signed using signature algorithm Other signature algorithms are not supported
  • The AuthnRequest must not be encrypted
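
An SP integrator can check the redirect URL their SP produces against the three requirements above before testing against the gateway. The following is an added example, not SURFsecureID code: the function names, the `gateway.example` URL and the `REQUIRED_SIGALG` placeholder are assumptions (this page does not name the required algorithm), and the check only inspects the request's shape, it does not verify the signature cryptographically.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# Placeholder, NOT the gateway's value: this page does not name the algorithm.
REQUIRED_SIGALG = "urn:example:REQUIRED-SIGALG"

def check_redirect_request(url, required_sigalg=REQUIRED_SIGALG):
    """Return a list of problems found in an HTTP-Redirect AuthnRequest URL."""
    q = parse_qs(urlsplit(url).query)
    problems = []
    if "SAMLRequest" not in q:
        return ["no SAMLRequest query parameter (not HTTP-Redirect binding)"]
    try:
        # HTTP-Redirect encoding: base64 over raw DEFLATE (no zlib header).
        xml = zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15)
        root = ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return [f"SAMLRequest does not decode to XML: {exc}"]
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        problems.append(f"root element is {root.tag}, not samlp:AuthnRequest")
    # With this binding the signature travels in the query string.
    if "Signature" not in q or "SigAlg" not in q:
        problems.append("request is not signed (Signature/SigAlg missing)")
    elif q["SigAlg"][0] != required_sigalg:
        problems.append(f"unsupported SigAlg {q['SigAlg'][0]}")
    if any(el.tag.startswith(f"{{{XENC}}}") for el in root.iter()):
        problems.append("request contains encrypted content")
    return problems

def build_sample(xml, sigalg=None):
    """Constructed test input; the Signature value is a dummy, not a real one."""
    c = zlib.compressobj(wbits=-15)
    params = {"SAMLRequest": base64.b64encode(c.compress(xml) + c.flush()).decode()}
    if sigalg:
        params.update(SigAlg=sigalg, Signature="ZHVtbXk=")
    return "https://gateway.example/sso?" + urlencode(params)

# Constructed sample request, not captured from a real SP.
SAMPLE_XML = (b'<samlp:AuthnRequest xmlns:samlp="' + SAMLP.encode() +
              b'" ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>')
```

Pass the algorithm URI from the SURFsecureID documentation as `required_sigalg` when using this against real SP output.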
