If you have gotten this far, you or your colleague probably want to continue with the technical part. Roughly speaking, the technical part of connecting to SURFconext consists of these steps:
- For starters, you will need to prepare your service to support one of the open standards SURFconext uses for authentication: SAML or OpenID Connect. You will need to implement the appropriate features to make your service work with SURFconext.
- Then you will connect your service to our Test environment so you can test with identity providers that have fictional, unverified user profiles. This will allow you to technically prepare your service for use with SURFconext. Using the test environment will also get you familiar with attributes or claims.
- When you are done testing, you will request promotion of the connection to the Production Environment. SURF will review the connection and check whether the contractual part is done and all technical and privacy requirements are fulfilled. If we have found everything to be OK, we will send an invite to the institution(s) you have stated you want to connect with.
- At this point the institution (Identity Provider) needs to be connected to your service. This requires some action from our side as well as from the institution. Generally, if we know which institutions are going to use the service, we will inform them to release the requested attributes. Keep a list at hand of the institutions you want to connect to, as well as contacts (name and email) we can refer to when sending the connection invite. This speeds up the process considerably.
- You can decide whether you want to allow access by non-Dutch IdPs by connecting your service to eduGAIN.