After reading this page you will be ready to publish your service on our production environment. Before you continue, be sure to have to following covered:
- You have successfully tested your entity on the test environment.
- The SURFconext Agreement is in place.
- Your service meets the security requirements and makes use HTTPS and TLS.
- You have a list at hand with the institutions you want to connect with as well as contacts, name and email, we can refer to when sending the connection invite.
Now, your service has been properly tested and contracts are in place and the security requirements are met. This means that your service can be promoted to production. Let's go through this.
Copy to production
Hover over the three dots and press the 'copy to production' button. The Service Provider registration form will open. You can add some last details if needed.
Review data yourself
Before pressing on the 'Publish' button on the bottom of the page, review the data. Check to see if the attributes as released are motivated, the technical and support contacts entered, etc. If you are done, proceed.
Publish service to production
All good? Press 'Publish' to promote your entity to production. Be aware that this does not automatically push the service to the SURFconext production environment since we will review this first. A ticket will be created and a mail will be send to the SURFconext Team. We will review the service and when all good, push the service to production mode.
Check your data
At this stage, we will do some checks. To keep everything up to speed, check the following prior to publishing your service:
- Think about the attributes your service actually needs. If we find not or poorly motivated use of attributes or in our opinion, to many attributes we can and will discuss this with you.
- If in this stage our test on SSL Labs fails to meet our requirements, you will need to fine tune your service using our test environment. You will need an overall Rating B or higher. Check this link to get an A rating on SSL Labs.
- We need to have some references at the institution(s) you will connect to. Have these contacts at hand, name and email, so we can use them to refer to when sending the connection request.
- If all is OK and you get the confirmation, configure the SURFconext production metadata in your service: https://metadata.surfconext.nl/idp-metadata.xml
- We will notify you when the service is set to the production environment.
Connect to institutions/IdP's
Remember that at this point the institution (Identity Provider) still needs to be connected to your service. This requires some action from our side as well as the institution. Generally, if we know which institutions are going to use the service, we will inform them to release the requested attributes. Keep a list at hand with the institutions you want to connect to as well as contacts, name and email, we can refer to when sending the connection invite. See how this works (Dutch only).
Edit production entity
When the production entity has the following states, it's possible to edit the entity:
Update a Production Entity