...

The SURFconext identifier is built from identifiers that the IdP of the user sends to SURFconext during authentication: 
urn:collab:person:{{urn:mace:terena.org:attribute-def:schacHomeOrganization}}:{{urn:mace:dir:attribute-def:uid}} 

where:

...

Example: urn:collab:person:some-organisation.example.org:m1234567890

SAML Response

...

Level: authentication strength

See explanation at "Levels of Assurance".

Implementation

SFO must be implemented at the SP. The authentication protocol is similar to the one used by the Strong Authentication gateway. The main difference is that the SP must send the identifier of the user in the Subject element of the SAML AuthnRequest (see description of AuthnRequest, line 2017).

...

Example code for using SFO with SimpleSAMLphp can be found at: https://github.com/SURFnet/Stepup-SFO-demo
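The Subject requirement described under Implementation, shown in Python as an added example (not taken from this page or from the Stepup-SFO-demo repository): it fills the identifier template and places the result in the Subject NameID of an AuthnRequest. The function names are hypothetical, the entity ID and URLs are constructed placeholders, and any rules from the elided "where" list are not applied.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def collab_person_id(schac_home_organization: str, uid: str) -> str:
    """Fill the urn:collab:person template from the two IdP attributes."""
    for name, value in (("schacHomeOrganization", schac_home_organization),
                        ("uid", uid)):
        # An empty or whitespace-bearing value would identify the wrong user
        # or nobody at all, so refuse it instead of sending it on.
        if not value or any(ch.isspace() for ch in value):
            raise ValueError(f"unusable {name}: {value!r}")
    return f"urn:collab:person:{schac_home_organization}:{uid}"


def build_sfo_authn_request(user_id, sp_entity_id, acs_url, destination):
    """Return AuthnRequest XML that names the user in <saml:Subject>."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    # Schema order: Subject follows Issuer. The SP puts here the identifier
    # of the user it has already authenticated with the first factor.
    subject = ET.SubElement(req, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = user_id
    # Signing and binding encoding are done by the SAML library in use.
    return ET.tostring(req, encoding="unicode")


def subject_of(authn_request_xml: str) -> str:
    """Read back the NameID carried in the request's Subject."""
    root = ET.fromstring(authn_request_xml)
    return root.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")


if __name__ == "__main__":
    # Attribute values from the example on this page; URLs are constructed.
    uid = collab_person_id("some-organisation.example.org", "m1234567890")
    print(build_sfo_authn_request(uid, "https://sp.example.org/metadata",
                                  "https://sp.example.org/acs",
                                  "https://gateway.example.org/sfo"))
```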