Make sure your service supports one of the (open) standards SURFconext uses for authentication. The following options are available:
Need some guidance on choosing the right standard? In general, you will want to choose the protocol that is best supported by your application/framework/development platform. There are more and more ready to use plugins and/or libraries. (Please don't try to build your own implementation; use what is already available and thoroughly tested.)
Some broad characteristics to help you decide:
|SAML||Most mature choice|
|Supports eduGAIN and other federations|
|OpenID Connect||Modern protocol with broad library support|
|Easier to implement but less feature rich|
|Better suited when your service uses mobile apps|
When you decide to go for SAML, have a look at Preparation with SAML 2.0 .
When opting for OIDC, check out Preparation with OpenID Connect .
In case your users (also) login via a mobile app, please read this page.