Now that you are logged in, you can go and register your service on the SURFconext platform. Note that at this moment it's possible to independently register and test entities on the test environment of SURFconext. Although it is possible to add and edit production connections here, the SURFconext team will submit the changes and additions to the production environment on your request.
In this stage we assume that you:
To get your service published on the production environment of SURFconext, the following needs to be taken care of:
- First you will add an entity.
- Fill out all the forms of that entity in the SP Dashboard. This is generally known as the metadata of your service in SURFconext.
- When you're done with all the metadata, you can publish the entity to the test environment to start testing.
- You can manage your entities from here as well: add another one, remove an entity, promote an entity to production and more.
- If you are done, you can promote the entity to production.
An entity on SURFconext is the least you need to get going. Go to the detailed entities overview. Press 'Add new entity for test environment'.
If you see nothing familiar, start by selecting a service from the pull down at the top right of the window.
You will be prompted to select SAML 2.0 client, OpenID Connect client, or an OpenID Connect resource server. More information on the difference between OpenID Connect and SAML is in our documentation. More information on resource servers can be found here. Use the appropriate protocol and press 'create' to create a new registration form. We will use SAML 2.0 in the example below.
Fill out the form
Assuming you are acquainted with SAML by now, most of the form is self-explanatory. Extra information about fields can be found under the question mark. It is important to consider which attributes you need to receive via SURFconext, so set the Name ID and attributes accordingly. More information on attributes can be found on this page. Take your time to experiment with attributes whilst in the test environment.
SURFconext has a data minimisation policy, which means you only receive those attributes that are strictly needed to make your service work.
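While experimenting in the test environment, one way to check data minimisation is to compare the attributes in a test login's assertion with the set your service actually needs. The following is an added example, not part of the SURFconext documentation: the sample assertion, the attribute names and values in it, the `NEEDED` set and the function names are constructed for illustration, and the script does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "urn:mace:dir:attribute-def:"

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">3f9a-constructed</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{PREFIX}mail">
      <saml:AttributeValue>student@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{PREFIX}displayName">
      <saml:AttributeValue>Sam Student</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{PREFIX}eduPersonAffiliation">
      <saml:AttributeValue>student</saml:AttributeValue>
      <saml:AttributeValue>member</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Assumption: the attributes this hypothetical service actually needs.
NEEDED = {PREFIX + "mail", PREFIX + "eduPersonPrincipalName"}

def released_attributes(assertion_xml):
    """Map each attribute Name in the assertion to its list of values."""
    root = ET.fromstring(assertion_xml)
    released = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        released.setdefault(attr.get("Name"), []).extend(values)
    return released

def audit(assertion_xml, needed):
    """Report the NameID format plus missing and unneeded attributes."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    got = set(released_attributes(assertion_xml))
    return {
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "missing": sorted(needed - got),
        "unneeded": sorted(got - needed),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_ASSERTION, NEEDED).items():
        print(f"{key}: {value}")
```

Attributes listed under `unneeded` are candidates to deselect in the form; those under `missing` still need to be requested.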
Publish your entity
Satisfied with your filled out form? Press the 'publish' button to push your entity to the test environment of SURFconext. Your service will be connected automatically to the test/diy IdP, ready to be tested.
Manage your entities
From the Donut overview press 'detailed entities overview' to get to the overview of all your entities. The three dots at the end of each row show all options for that entity.

|Status|Meaning|
|---|---|
|published|Your service has been published (test or production)|
|draft|Your service is not yet published|
Limit access to your entity
By default, all IdPs that are connected to the test environment are able to log in to your service. If you want to limit that access, you can do so. In both the 'entity details' page and the 'detailed entities overview' page you can find "Edit IdP Whitelist": there you can choose which IdPs are allowed to connect to your service.
If you have sorted everything out and all is working as expected, you can promote your entity to production.
When you promote your entity to production we will run through some technical checks together and see if the contracts are in place. Besides this we need you to provide us with the institution(s) you want to connect with as well as a contact at the institution. The latter is important because institutions don't simply connect to a service not knowing who initiated it.