SURFconext cannot verify the configuration steps below as we are not a customer of this service provider. We have collected the information below from our connected institutions to the best of our knowledge. If you have remarks or tips you want to share, please send them to support@surfconext.nl.
This guide describes the steps required to create a working SAML integration between SURF and GoBright. GoBright is a user-friendly, cloud-based platform for Room, Desk & Visitor Management and Digital Signage solutions.
Attributes
See the SURFconext Dashboard for SAML attribute requirements or read our attributes page. Attributes needed in the IdP configuration and forwarded by SURFconext to GoBright are:
- urn:mace:dir:attribute-def:displayName
- urn:mace:dir:attribute-def:mail
- urn:mace:dir:attribute-def:schacHomeOrganization
SIngle- or Multi-tenancy
GoBright is a single-tenant service. Every Identity Provider has their own instance and need to be maintained by the Identity Provider the instance belongs to.Configuration
Step 1 - Request access to the SURFconext SP Dashboard
The GoBright integration will need to be provisioned as a ‘single tenant’ application in SURFconext.Therefore access to the 'SURFconextSP Dashboard' is required.You can request access by sending an email to 'support@surfconext.nl' with the request access to the SP Dashboard, to be able to get an integration with GoBright. GoBright is already known and approved by SURFconext, and therefore will easily be approved in the process
Step 2 - GoBright admin center
Log in to the admin center of the GoBright portal. Create an integration of type ‘SAML’ (or reconfigure the existing ‘SAML’ integration).
In the form fill the following information:
- Service Provider Information:
- The shown ‘Relying party identifier’ and ‘Reply URL (Assertion Consumer Service URL)’ will be needed in the next step when configuring the SURF SP Dashboard.
- Identity Provider settings:
- Single Sign-on service url:
- Fill with: https://engine.surfconext.nl/authentication/idp/single-sign-on/key:20181213
- Single logout service url:
- Leave empty
- Token-signing certificate (Base64):
- Fill with:
- Processing settings:
- If desirable can be configured like normal, but not required. See article: link (please skip step 1 & 2).
- Single Sign-on service url:
Step 3: Configuration GoBright in SURFconext SP Dashboard
Log in to the SURF SP Dashboard. Create a SAML Service Provider, with the following details:
Section ‘Metadata’:
- Import url:
- Leave empty
- Pasted metadata:
- Leave empty
- Metadata url:
- Leave empty
- Acs location:
- Copy from the ‘Reply URL (Assertion Consumer Service URL)’ in the GoBright integration
- Entity id:
- Copy from the ‘Relying party identifier’ in the GoBright integration
- Name id format:
- 'Select ‘Persistent'
- Certificate:
- Leave empty
- Logo url:
- Can be filled with: https://portal.gobright.cloud/login/assets/images/logo.png
- Name en/nl:
- GoBright
- Description en/nl:
- The GoBright platform offers smart software solutions for desk, room & visitor management and digital signage.
- Application url:
- Fill with: https://portal.gobright.cloud
- Eula url:
- Contact information:
- To be defined by yourselves. Use functional addresses if possible (e.g. support@institution.nl)
- Section Attributes:
- Please make sure the following boxes are enabled:
- Display name(urn:mace:dir:attribute-def:displayName)
- Email address(urn:mace:dir:attribute-def:mail)
- Home Organization (urn:mace:terena.org:attribute-def:schacHomeOrganization)
- Please make sure the following boxes are enabled:
Once everything is setup, create a new entity for production and copy the data from the entity you have created on test. We will review your setup!