When you decide to use SAML you will have to make sure that your service supports the following:
- Security Assertion Markup Language 2.0 (More precisely the saml2int profile v0.2.1).
- HTTPS for all SAML 2.0 endpoints.
If your service already supports SAML 2.0, you can go to the next step and connect to our test environment. Otherwise, you will have to implement SAML support by integrating an existing SAML-product in your application. It is strongly advised not to implement a SAML library by yourself or write your own SAML implementation. Please use SimpleSAMLphp or Shibboleth.
SimpleSAMLphp is an application written in native PHP that deals with authentication. The main focus is providing support for:
- SimpleSAMLphp Service Provider QuickStart
- SimpleSAMLphp mailing lists
- Follow our step-by-step guide to configure your first SimpleSAMLphp enabled service
If your application is not written in PHP, you should use Shibboleth. Shibboleth extends your web server such as Apache HTTPd or Microsoft IIS with SAML functionality and leverages existing httpd server functionality to share SAML authentication information with a web application. You will find more here:
- Shibboleth wiki
- Mailing lists
- Follow our step-by-step guide to configure your first SAML enabled Shibboleth service
- Follow our step-by-step guide to integrate SAML and Shibboleth in your JAVA application.
Most services require extra information about the authenticated user, such as a name, email address or affiliation. This extra information comes in the form of attributes. In SURFconext, the user authenticates at his Identity Provider - this all happens using SAML. Read this page to see which attributes are available for use within your service.
SURFconext has a data minimisation policy, which means you only receive those attributes that are strictly needed to make your service work.
Read our SAML tutorials to setup your (first) service with SAML. We have depicted several examples so you can start federated authentication with Wordpress, PHP, Shibboleth, etc. You can also use these pages to check your config and debug your service.
As a next step, you probably want to connect to the SURFconext Test environment to test your SAML implementation.