When you decide to use SAML you will have to make sure that your service supports the following:
If your service already supports SAML 2.0, you can go to the next step and connect to our test environment. Otherwise, you will have to implement SAML support by integrating an existing SAML product in your application. It is strongly advised not to implement a SAML library by yourself or write your own SAML implementation. Please use SimpleSAMLphp or Shibboleth.
SimpleSAMLphp is an application written in native PHP that deals with authentication. The main focus is providing support for:
So, if your application is written in PHP, you should use SimpleSAMLphp. Follow the documentation as found on SimpleSAML.org. Read the following to prepare your service:
If your application is not written in PHP, you should use Shibboleth. Shibboleth extends your web server, such as Apache HTTPd or Microsoft IIS, with SAML functionality and leverages existing httpd server functionality to share SAML authentication information with a web application. You will find more here:
Most services require extra information about the authenticated user, such as a name, email address or affiliation. This extra information comes in the form of attributes. In SURFconext, the user authenticates at their Identity Provider; this all happens using SAML. Read this page to see which attributes are available for use within your service.
SURFconext has a data minimisation policy, which means you only receive those attributes that are strictly needed to make your service work.
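As an added illustration (not code from SURFconext or the Shibboleth project), the sketch below shows how a Python WSGI application behind a Shibboleth-enabled web server could read the attributes it receives while coping with data minimisation. It assumes attributes arrive as server environment variables; the attribute names (`eppn`, `mail`, `displayName`, `affiliation`) and the function names are assumptions that depend on your own attribute mapping.

```python
import re

# Assumed attribute ids; the real names depend on your Shibboleth attribute mapping.
REQUIRED = ("eppn",)                               # the service cannot work without these
OPTIONAL = ("mail", "displayName", "affiliation")  # may be withheld by data minimisation

# Shibboleth joins multiple values with ';' and escapes a literal ';' as '\;'.
_SEPARATOR = re.compile(r"(?<!\\);")


def split_values(raw):
    """Split one Shibboleth-exported variable into its individual values."""
    return [part.replace("\\;", ";") for part in _SEPARATOR.split(raw) if part]


def user_from_environ(environ):
    """Collect only the expected attributes from a WSGI environ.

    Keys starting with HTTP_ are request headers supplied by the client,
    so they are never consulted: only variables set by the web server
    under the expected names are trusted.
    """
    attrs = {}
    for name in REQUIRED + OPTIONAL:
        raw = environ.get(name)
        if raw:
            attrs[name] = split_values(raw)
    missing = [name for name in REQUIRED if name not in attrs]
    if missing:
        # Fail closed instead of creating a half-identified session.
        raise PermissionError("missing required attributes: " + ", ".join(missing))
    return attrs


if __name__ == "__main__":
    # Constructed sample environ, as the server might pass it to the application.
    sample = {
        "eppn": "jdoe@example.org",
        "affiliation": "student;member",
        "displayName": "Doe\\; Jane",
        "HTTP_MAIL": "spoofed@example.org",  # client header, ignored
    }
    print(user_from_environ(sample))
```
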
Read our SAML tutorials to set up your (first) service with SAML. We have depicted several examples so you can start federated authentication with WordPress, PHP, Shibboleth, etc. You can also use these pages to check your config and debug your service.
As a next step, you probably want to connect to the SURFconext Test environment to test your SAML implementation or return to our step by step guide to continue.