. This means that a network or channel separate from the primary network supplies the Service Provider with a username and a secret. All the necessary technical information such as endpoints, supported algorithms and supported claims can be found at the .well-kown endpoint: https://oidc.surfconext.nl/.well-known/openid-configuration.
SURFconext couples the SP and the IdP based on specific rules.
Note that SURFconext itself does not authenticate users: this is done by the connected Identity Providers. This authentication flow in OpenID Connect is depicted below. Let's dive into this. Image Modified OpenID Connect authentication process in stepsThe |