Click here for the SAML 2.0 metadata for the Production environment.
Click here for the supported AuthenticationConextClassRef
ident=
ifiers.
M=
ost SAML 2.0 libraries are able to use these metadata. If not, use the info=
rmation here
EntityID
https://sa-gw.surfconext.nl/authentication/me=
tadata
Metadata
https://metadata.surfconext.nl/surfsecureid-metadata.xml
signing certificate
-----BEGIN CERTIFICATE-----MIIDsjCCAhoCCQDaq/SxtExjXTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBn YXRld=
2F5X3NhbWxfaWRwMB4XDTIwMDQwOTExNDE1NVoXDTI1MDQwODExNDE1NVow GzEZMBcGA1UE=
AwwQZ2F0ZXdheV9zYW1sX2lkcDCCAaIwDQYJKoZIhvcNAQEBBQAD ggGPADCCAYoCggGBAL7=
dfZ65PjUxW9yRXRoJ0PDiSh2J0WZ792krxj00jJkyB/eF PnVg5hTVbt85qDkkZuiK8Ym0Su=
zeo1PA46fRALhnajQ22GQzK1mybQIAXZbs739g 49QAnoKY+wQW205EPtuQ8Y7BqFg+fmXKK=
o4gTlpX3FP5PTp18no99kKcCbx8hq9E faBKdlPOGvFJUFnTalcSm3djHnmn+/KuIMXM4HEg=
Q6fgHlqsJPWAxBqKBWxvQdTd e56dr2T64qNyj7t3u54rTCaip6c3vyTB80w8CK9M5mTTqp/=
Z+kxqhb255UUpLW1h zySgPfzSE4jtr05olkW+d4oMONKqYxlouUPhoUN5YBL3a1H0c8ns+h=
g1x5hBB5tW QpwY34ZpH+43RflHXdJ6/MxCY7odMuvcua/4iTyRXPkPoGleqguHx9RVe/yFG=
a+N vTZIo4YBoOESgcDyjU+XrlkmWmyMpYkn6TPdYMKo/bMQkFAE48JhREdpvHWpIrT1 =
PfUiCy/SLWy0HN0wCQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQCPrFBvw53LMd5w 2VpdmZC=
JuHg09uIu5F3Cy8eGg+hTLtb2CC9f66Ue/CsH4qrBFGSuBWdSBWS3fzVw mPYbI882J7JtLX=
ZCOyZFMVKaL2kk5D5pP8/NBCam9+cDnJ4zjYJJS3wcY2VMjH24 fNYu+Fix6p4mL8o8itTCq=
Jhb4zz4Ft8GZigxD8DXB/jYUTHWtS5ubMs/mOwxuQ2U E7QFdeE064TqSPpRVI8PBPxetRy5=
n00/JGFNou/pivUTavRMA3LZpIkxzlcddzf2 zUSaWnAGf1JoPxRWjMq5F1C/hZvW7qDX0jr=
YK7UE3oXi4NHrER0EUFwCS0PrDQRd DEYs/kVZmPsMT9thR0l11B7xU8xFOaYYOdP1tCY2jq=
Bruspx9ApnRI+es5j8Lr/q TbILTe3pVdNgWoNIeIBj2mINQQp0O0TqXSzbWO+nLJSkbZhPZ=
AXyX9ZP00aU4Sbn kkGJ29xWeqSL+Jh+rUSyMFU16Ri7gHZce+3VgkgyzvSBQFjfG6U=3D-----END CERTIFICATE-----
SingleSignOnService
Loca=
tion
https://sa-gw.surfconext.nl/authentication/si=
ngle-sign-on
SingleSignOnService
&n=
bsp;Binding
urn:oasis:names:tc:SAML:2.0:=
bindings:HTTP-Redirect
You can use Onegini for testing.
For Second Factor Only (SFO) authentication you must use a different=
endpoint with different metadata.
Click here for the SAML 2.0 metadata for the SFO endpoint of the production environment.
Click here for the supported Authenticat=
ionConextClassRef
identifiers.
M=
ost SAML 2.0 libraries are able to use these metadata. If not, use the info=
rmation here
EntityID
https://sa-gw.surfconext.nl/second-factor-onl=
y/metadata
Metadata
https://metadata.surfconext.nl/surfsec=
ureid-sfo-metadata.xml
-----BEGIN CERTIFICATE-----MIIDsjCCAhoCCQDaq/SxtExjXTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBn YXRld=
2F5X3NhbWxfaWRwMB4XDTIwMDQwOTExNDE1NVoXDTI1MDQwODExNDE1NVow GzEZMBcGA1UE=
AwwQZ2F0ZXdheV9zYW1sX2lkcDCCAaIwDQYJKoZIhvcNAQEBBQAD ggGPADCCAYoCggGBAL7=
dfZ65PjUxW9yRXRoJ0PDiSh2J0WZ792krxj00jJkyB/eF PnVg5hTVbt85qDkkZuiK8Ym0Su=
zeo1PA46fRALhnajQ22GQzK1mybQIAXZbs739g 49QAnoKY+wQW205EPtuQ8Y7BqFg+fmXKK=
o4gTlpX3FP5PTp18no99kKcCbx8hq9E faBKdlPOGvFJUFnTalcSm3djHnmn+/KuIMXM4HEg=
Q6fgHlqsJPWAxBqKBWxvQdTd e56dr2T64qNyj7t3u54rTCaip6c3vyTB80w8CK9M5mTTqp/=
Z+kxqhb255UUpLW1h zySgPfzSE4jtr05olkW+d4oMONKqYxlouUPhoUN5YBL3a1H0c8ns+h=
g1x5hBB5tW QpwY34ZpH+43RflHXdJ6/MxCY7odMuvcua/4iTyRXPkPoGleqguHx9RVe/yFG=
a+N vTZIo4YBoOESgcDyjU+XrlkmWmyMpYkn6TPdYMKo/bMQkFAE48JhREdpvHWpIrT1 =
PfUiCy/SLWy0HN0wCQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQCPrFBvw53LMd5w 2VpdmZC=
JuHg09uIu5F3Cy8eGg+hTLtb2CC9f66Ue/CsH4qrBFGSuBWdSBWS3fzVw mPYbI882J7JtLX=
ZCOyZFMVKaL2kk5D5pP8/NBCam9+cDnJ4zjYJJS3wcY2VMjH24 fNYu+Fix6p4mL8o8itTCq=
Jhb4zz4Ft8GZigxD8DXB/jYUTHWtS5ubMs/mOwxuQ2U E7QFdeE064TqSPpRVI8PBPxetRy5=
n00/JGFNou/pivUTavRMA3LZpIkxzlcddzf2 zUSaWnAGf1JoPxRWjMq5F1C/hZvW7qDX0jr=
YK7UE3oXi4NHrER0EUFwCS0PrDQRd DEYs/kVZmPsMT9thR0l11B7xU8xFOaYYOdP1tCY2jq=
Bruspx9ApnRI+es5j8Lr/q TbILTe3pVdNgWoNIeIBj2mINQQp0O0TqXSzbWO+nLJSkbZhPZ=
AXyX9ZP00aU4Sbn kkGJ29xWeqSL+Jh+rUSyMFU16Ri7gHZce+3VgkgyzvSBQFjfG6U=3D-----END CERTIFICATE-----
SingleSignOnService
Loca=
tion
https://sa-gw.surfconext.nl/second-factor-onl=
y/single-sign-on
SingleSignOnService
&n=
bsp;Binding
urn:oasis:names:tc:SAML:2.0:=
bindings:HTTP-Redirect
The metadata above of SURFSecureID production is signed with a key that =
corresponds to the public key embedded in the following certificate. You ca=
n use this certificate to verify that the metadata you use from SURFsecureI=
D is valid.
Click here for the=
SAML 2.0 metadata for the Test environment.
Click here for the supported AuthenticationConextClassRef
ident=
ifiers.
M=
ost SAML 2.0 libraries are able to use these metadata. If not, use the info=
rmation here
EntityID
https://sa-gw.test.surfconext.nl/authenti=
cation/metadata
Metadata
https://metadata.test.surfconext.nl/surfsecureid-metadata.xml=
signing certificat
(Download =
certificate as PEM .crt file )
-----BEGIN CERTIFICATE-----MIIE8jCCA1qgAwIBAgIUD4MpAowfeNTa8dEJpJtl2r6PRDwwDQYJKoZIhvcNAQEL BQAwg=
YkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdV dHJlY2h0MRUw=
EwYDVQQKDAxTVVJGbmV0IEIuVi4xEzARBgNVBAsMClNVUkZjb25l eHQxKjAoBgNVBAMMIXN=
hLWd3LnRlc3Quc3VyZmNvbmV4dC5ubCAyMDIwMDIyODAe Fw0yMDAyMjgxMTU1NTVaFw0yNT=
AyMjgxMTU1NTVaMIGJMQswCQYDVQQGEwJOTDEQ MA4GA1UECAwHVXRyZWNodDEQMA4GA1UEB=
wwHVXRyZWNodDEVMBMGA1UECgwMU1VS Rm5ldCBCLlYuMRMwEQYDVQQLDApTVVJGY29uZXh0=
MSowKAYDVQQDDCFzYS1ndy50 ZXN0LnN1cmZjb25leHQubmwgMjAyMDAyMjgwggGiMA0GCSq=
GSIb3DQEBAQUAA4IB jwAwggGKAoIBgQC7tTZherxOI0uI9l4aDEdZHAZb2RwGehbfGyuTzz=
ZqDqt42YC8 MkJIa/9e3HdJw/+x3Qb7xKpqpOcFcC5Divk8RQrzdKg8eP3LqR6+x73DiCAFb=
Mmb O2bZMqBUggTh4vY4e+gnFchQInw9Jg5wbkt5XzxFSaujeK4n8za5qxIEk9C55D7t =
RjHFwkJZoWTBl2wprRdbwSjwg+Bg7MO6MPXcNF9GFJ6IGaAJ3s7qUKVpvqAK6UH3 0Mx37Eh=
WpgKmyLf72B+U8BOGDX7X2NHnHPD5qZQJyhqDLbmcEsUCYn7WozoKCibI KQIEZAdUgb9TAb=
UO5c5eW+dSD61RRJ97Q4/DM9Bp+6Z+I/6h26i/h5MrSmrRNYDQ cmd8kkKGop/0a08IIcTVL=
56X2oIJckWX3GLZDmRpssp4vI4REEy55P8EoyD943ug Pn4s6p+88cS2cAlARjV0vehNNmPk=
Tlly1UyZ0oY5ljyvy3aadMdE1aLbdRW4axEb O4iZ/+Ym/EnfTncCAwEAAaNQME4wHQYDVR0=
OBBYEFFvR/86aQkE4Icbcm9XAz6Pm bHVCMB8GA1UdIwQYMBaAFFvR/86aQkE4Icbcm9XAz6=
PmbHVCMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQELBQADggGBAARz8fvcwPEIU0pYAkOCz=
HhJWDzPf1Q5EAaD Fs6I1Zi7D8DN14dVjyOed61IaFMnhrv8IP0TdRLx0dgrj52ywaaDgN2M=
hRUCG4vD M34tca5KCdRO8AtgAZWYs3Td2Kjg+mkXyGwWIacpFzzTImflWt+dwZI0+I+y4/4=
g TwvC6RSuLzo1vXmtOZMkH57uTxAYeGy12vtmggMi64MlMmm/cwrxVQpQ6CClVmWu nU=
GaWG1MVcBt9MINLmJrCicFtegtw3i+euRH8K5SjIj702ChF+mXRqUCk+8q2Tsb zo+1EjASZ=
TxR9HlndjUzFhXadfUMD5ZldFsFEsfP7Nv57rCoS3WAcsGjXETsclZH H+vHg4wHOXnBUiVI=
HB22+xxGCCfl0X+WLnjonF50in/yfD7AZJbPIpbqLzuxdojd UAjXZnlW6ngnW58Qyj1IFvT=
W8kDmrBEPM1jc+KoPHg94lqrSF2CT6uU3gjQN+aPm /zBnSil4Dx2aub9LOcTC5on3519edw=
=3D=3D -----END CERTIFICATE-----
SingleSignOnService
Loca=
tion
https://sa-gw.test.surfconext.nl/authentic=
ation/single-sign-on
SingleSignOnService
&n=
bsp;Binding
urn:oasis:names:tc:SAML:2.0:=
bindings:HTTP-Redirect
You can use Onegini as an IdP for testing.
For second factor only authentication you must use a different endpoint =
with different metadata.
Click here for=
the SAML 2.0 metadata for the SFO endpoint of the Test environment.
Click here for the supported AuthenticationCo=
nextClassRef
identifiers.
Most=
SAML 2.0 libraries are able to use these metadata. If not, use the informa=
tion here
EntityID
https://sa-gw.test.surfconext.nl/second-factor-only/metadata =
signing certificate
(Download =
certificate as PEM .crt file )
-----BEGIN CERTIFICATE-----MIIE8jCCA1qgAwIBAgIUD4MpAowfeNTa8dEJpJtl2r6PRDwwDQYJKoZIhvcNAQEL BQAwg=
YkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdV dHJlY2h0MRUw=
EwYDVQQKDAxTVVJGbmV0IEIuVi4xEzARBgNVBAsMClNVUkZjb25l eHQxKjAoBgNVBAMMIXN=
hLWd3LnRlc3Quc3VyZmNvbmV4dC5ubCAyMDIwMDIyODAe Fw0yMDAyMjgxMTU1NTVaFw0yNT=
AyMjgxMTU1NTVaMIGJMQswCQYDVQQGEwJOTDEQ MA4GA1UECAwHVXRyZWNodDEQMA4GA1UEB=
wwHVXRyZWNodDEVMBMGA1UECgwMU1VS Rm5ldCBCLlYuMRMwEQYDVQQLDApTVVJGY29uZXh0=
MSowKAYDVQQDDCFzYS1ndy50 ZXN0LnN1cmZjb25leHQubmwgMjAyMDAyMjgwggGiMA0GCSq=
GSIb3DQEBAQUAA4IB jwAwggGKAoIBgQC7tTZherxOI0uI9l4aDEdZHAZb2RwGehbfGyuTzz=
ZqDqt42YC8 MkJIa/9e3HdJw/+x3Qb7xKpqpOcFcC5Divk8RQrzdKg8eP3LqR6+x73DiCAFb=
Mmb O2bZMqBUggTh4vY4e+gnFchQInw9Jg5wbkt5XzxFSaujeK4n8za5qxIEk9C55D7t =
RjHFwkJZoWTBl2wprRdbwSjwg+Bg7MO6MPXcNF9GFJ6IGaAJ3s7qUKVpvqAK6UH3 0Mx37Eh=
WpgKmyLf72B+U8BOGDX7X2NHnHPD5qZQJyhqDLbmcEsUCYn7WozoKCibI KQIEZAdUgb9TAb=
UO5c5eW+dSD61RRJ97Q4/DM9Bp+6Z+I/6h26i/h5MrSmrRNYDQ cmd8kkKGop/0a08IIcTVL=
56X2oIJckWX3GLZDmRpssp4vI4REEy55P8EoyD943ug Pn4s6p+88cS2cAlARjV0vehNNmPk=
Tlly1UyZ0oY5ljyvy3aadMdE1aLbdRW4axEb O4iZ/+Ym/EnfTncCAwEAAaNQME4wHQYDVR0=
OBBYEFFvR/86aQkE4Icbcm9XAz6Pm bHVCMB8GA1UdIwQYMBaAFFvR/86aQkE4Icbcm9XAz6=
PmbHVCMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQELBQADggGBAARz8fvcwPEIU0pYAkOCz=
HhJWDzPf1Q5EAaD Fs6I1Zi7D8DN14dVjyOed61IaFMnhrv8IP0TdRLx0dgrj52ywaaDgN2M=
hRUCG4vD M34tca5KCdRO8AtgAZWYs3Td2Kjg+mkXyGwWIacpFzzTImflWt+dwZI0+I+y4/4=
g TwvC6RSuLzo1vXmtOZMkH57uTxAYeGy12vtmggMi64MlMmm/cwrxVQpQ6CClVmWu nU=
GaWG1MVcBt9MINLmJrCicFtegtw3i+euRH8K5SjIj702ChF+mXRqUCk+8q2Tsb zo+1EjASZ=
TxR9HlndjUzFhXadfUMD5ZldFsFEsfP7Nv57rCoS3WAcsGjXETsclZH H+vHg4wHOXnBUiVI=
HB22+xxGCCfl0X+WLnjonF50in/yfD7AZJbPIpbqLzuxdojd UAjXZnlW6ngnW58Qyj1IFvT=
W8kDmrBEPM1jc+KoPHg94lqrSF2CT6uU3gjQN+aPm /zBnSil4Dx2aub9LOcTC5on3519edw=
=3D=3D -----END CERTIFICATE-----
SingleSignOnService
Loca=
tion
https://sa-gw.test.surfconext.nl/second-f=
actor-only/single-sign-on
SingleSignOnService
&n=
bsp;Binding
urn:oasis:names:tc:SAML:2.0:=
bindings:HTTP-Redirect
You can use eduID to test SPs .
The metadata above of SURFSecureID test is signed with a key that corres=
ponds to the public key embedded in the following certificate. You can use =
this certificate to verify that the metadata you use from SURFsecureID is v=
alid.