Page tree
Skip to end of metadata
Go to start of metadata

When you decide to use SAML you will have to make sure that your service supports the following:

  • Security Assertion Markup Language 2.0 (More precisely the saml2int profile v0.2.1).
  • HTTPS for all SAML 2.0 endpoints.

If your service already supports SAML 2.0, you can go to the next step and connect to our test environment. Otherwise, you will have to implement SAML support by integrating an existing SAML-product in your application. It is strongly advised not to implement a SAML library by yourself or write your own SAML implementation. Please use SimpleSAMLphp or Shibboleth.

SimpleSAMLphp

SimpleSAMLphp is an application written in native PHP that deals with authentication. The main focus is providing support for:

So, if your application is written in PHP, you should use SimpleSAMLphp. Follow the documentation as found on SimpleSAML.org. Read the following to prepare your service:

Shibboleth

If your application is not written in PHP, you should use Shibboleth. Shibboleth extends your web server such as Apache HTTPd or Microsoft IIS with SAML functionality and leverages existing httpd server functionality to share SAML authentication information with a web application. You will find more here:

Attributes

Most services require extra information about the authenticated user, such as a name, email address or affiliation. This extra information comes in the form of attributes. In SURFconext, the user authenticates at his Identity Provider - this all happens using SAML. Read this page to see which attributes are available for use within your service.

SURFconext has a data minimisation policy, which means you only receive those attributes that are strictly needed to make your service work.

SAML Tutorials

Read our SAML tutorials to setup your (first) service with SAML. We have depicted several examples so you can start federated authentication with Wordpress, PHP, Shibboleth, etc. You can also use these pages to check your config and debug your service.

Next step

As a next step, you probably want to connect to the SURFconext Test environment to test your SAML implementation.


Navigate





  • No labels