| Info |
|---|
The SURFsecureId Production , Pilot and Test environments use different AuthnContextClassRef identifiers. |
| Info |
|---|
On juli 2nd 2020 the signing certificate of SURFsecureID production will be replaced. For more information see SURFsecureID Key Rollover |
| Info |
|---|
The metadata of the SURFsecureID production was moved to a new location. All metadata is now hosted on https://metadata.surfconext.nl.Click here for the SAML 2.0 metadata for the Production environment.
Click here for the supported AuthenticationConextClassRef identifiers.
| Expand |
|---|
| title | Most SAML 2.0 libraries are able to use these metadata. If not, use the information here |
|---|
|
EntityID | https://sa-gw.surfconext.nl/authentication/metadata | Metadata
| https://metadata.surfconext.nl/surfsecureid-metadata.xml
| signing | certificate (current)( download ) certificate | as PEM .crt file
| -----BEGIN CERTIFICATE----- |
MIICsjCCAZoCCQDHN3+HzElEDDANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDFBBn
YXRld2F5X3NhbWxfaWRwMB4XDTE1MDcyMzEyMTUxOVoXDTIwMDcyMTEyMTUxOVow
GzEZMBcGA1UEAxQQZ2F0ZXdheV9zYW1sX2lkcDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALK/JwHWd5JftXYKO9qcTQ4dfKEnl35oJj6PlEyR6gpikdpg
m2OY/zy4e7vcXfBChedVF3OUI4rRDWCz4yXT2sldzjuIyONJfA86xva5lxDARqT/
+gRBuZ2pyMTb0okvl1G9ZlAjPumVH14591rp6OGT5TJIkILQ/pKp1INdiBqpiR53
Z5YvsXEUJ8PHHZyILO00HnBldq0d77lmATr6QamXpbY+CZ9pIw65t32fhFcUfRC6
8C81/P2crCn3v5GMyrQcM/tB/xdVf/haEZiqgI/bjcreBpQobnAhwEsve+uvbSLF
N1Rsc7o0W/7Pn6EGBX1h9rjKjDgqssHuWkVuU4sCAwEAATANBgkqhkiG9w0BAQUF
AAOCAQEAmlqfTvEfGDeqqqvuAMDG5IKDo6h21wwByywNbRhimfOvL6FqIgAgx+D3
gxW1lO41PcqQQKYIVUEAuYv+tW8COLdHcFRh/UV9ei4iquMwBCkO/XOoMC9FsRBo
3yPaQClRK8OYj1IXer4JXNuFHeLblzf+GLYFoqMWWwT2dnBLAePoEgANKUm2aasx
yiJmnroNa+O5zTP9ExT3qHphCCG1gh3iHrQu9iSEJxY12zAQYtPomIs8Vk/GBfj+
ucUiBEEqaMpCH+t6f0VOIoP1SNHgNAaeBLVuOpS0VlLnwZFJkNPVOQpFgRuoFsH3
/9i53Fs3eQreb9wzq2VkjDhhlc5eyA==
| -----END CERTIFICATE-----signing certificate (new) | -----BEGIN CERTIFICATE-----
MIIDsjCCAhoCCQDaq/SxtExjXTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBn
YXRld2F5X3NhbWxfaWRwMB4XDTIwMDQwOTExNDE1NVoXDTI1MDQwODExNDE1NVow
GzEZMBcGA1UEAwwQZ2F0ZXdheV9zYW1sX2lkcDCCAaIwDQYJKoZIhvcNAQEBBQAD
ggGPADCCAYoCggGBAL7dfZ65PjUxW9yRXRoJ0PDiSh2J0WZ792krxj00jJkyB/eF
PnVg5hTVbt85qDkkZuiK8Ym0Suzeo1PA46fRALhnajQ22GQzK1mybQIAXZbs739g
49QAnoKY+wQW205EPtuQ8Y7BqFg+fmXKKo4gTlpX3FP5PTp18no99kKcCbx8hq9E
faBKdlPOGvFJUFnTalcSm3djHnmn+/KuIMXM4HEgQ6fgHlqsJPWAxBqKBWxvQdTd
e56dr2T64qNyj7t3u54rTCaip6c3vyTB80w8CK9M5mTTqp/Z+kxqhb255UUpLW1h
zySgPfzSE4jtr05olkW+d4oMONKqYxlouUPhoUN5YBL3a1H0c8ns+hg1x5hBB5tW
QpwY34ZpH+43RflHXdJ6/MxCY7odMuvcua/4iTyRXPkPoGleqguHx9RVe/yFGa+N
vTZIo4YBoOESgcDyjU+XrlkmWmyMpYkn6TPdYMKo/bMQkFAE48JhREdpvHWpIrT1
PfUiCy/SLWy0HN0wCQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQCPrFBvw53LMd5w
2VpdmZCJuHg09uIu5F3Cy8eGg+hTLtb2CC9f66Ue/CsH4qrBFGSuBWdSBWS3fzVw
mPYbI882J7JtLXZCOyZFMVKaL2kk5D5pP8/NBCam9+cDnJ4zjYJJS3wcY2VMjH24
fNYu+Fix6p4mL8o8itTCqJhb4zz4Ft8GZigxD8DXB/jYUTHWtS5ubMs/mOwxuQ2U
E7QFdeE064TqSPpRVI8PBPxetRy5n00/JGFNou/pivUTavRMA3LZpIkxzlcddzf2
zUSaWnAGf1JoPxRWjMq5F1C/hZvW7qDX0jrYK7UE3oXi4NHrER0EUFwCS0PrDQRd
DEYs/kVZmPsMT9thR0l11B7xU8xFOaYYOdP1tCY2jqBruspx9ApnRI+es5j8Lr/q
TbILTe3pVdNgWoNIeIBj2mINQQp0O0TqXSzbWO+nLJSkbZhPZAXyX9ZP00aU4Sbn
kkGJ29xWeqSL+Jh+rUSyMFU16Ri7gHZce+3VgkgyzvSBQFjfG6U=
-----END CERTIFICATE----- | SingleSignOnService Location | https://sa-gw.surfconext.nl/authentication/single-sign-on | SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect | |
You can use Onegini for testing.
For Second Factor Only (SFO) authentication you must use a different endpoint with different metadata.
Click here for the SAML 2.0 metadata for the SFO endpoint of the production environment.
Click here for the supported AuthenticationConextClassRef identifiers.
| Expand |
|---|
| title | Most SAML 2.0 libraries are able to use these metadata. If not, use the information here |
|---|
|
EntityID | https://sa-gw.surfconext.nl/second-factor-only/metadata | Metadata | https://metadata.surfconext.nl/surfsecureid-sfo-metadata.xml
| | (current)
Until juli 2nd 2020 | -----BEGIN CERTIFICATE----- |
MIICsjCCAZoCCQDHN3+HzElEDDANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDFBBn
YXRld2F5X3NhbWxfaWRwMB4XDTE1MDcyMzEyMTUxOVoXDTIwMDcyMTEyMTUxOVow
GzEZMBcGA1UEAxQQZ2F0ZXdheV9zYW1sX2lkcDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALK/JwHWd5JftXYKO9qcTQ4dfKEnl35oJj6PlEyR6gpikdpg
m2OY/zy4e7vcXfBChedVF3OUI4rRDWCz4yXT2sldzjuIyONJfA86xva5lxDARqT/
+gRBuZ2pyMTb0okvl1G9ZlAjPumVH14591rp6OGT5TJIkILQ/pKp1INdiBqpiR53
Z5YvsXEUJ8PHHZyILO00HnBldq0d77lmATr6QamXpbY+CZ9pIw65t32fhFcUfRC6
8C81/P2crCn3v5GMyrQcM/tB/xdVf/haEZiqgI/bjcreBpQobnAhwEsve+uvbSLF
N1Rsc7o0W/7Pn6EGBX1h9rjKjDgqssHuWkVuU4sCAwEAATANBgkqhkiG9w0BAQUF
AAOCAQEAmlqfTvEfGDeqqqvuAMDG5IKDo6h21wwByywNbRhimfOvL6FqIgAgx+D3
| gxW1lO41PcqQQKYIVUEAuYv+tW8COLdHcFRh/UV9ei4iquMwBCkO/XOoMC9FsRBo
3yPaQClRK8OYj1IXer4JXNuFHeLblzf+GLYFoqMWWwT2dnBLAePoEgANKUm2aasx
yiJmnroNa+O5zTP9ExT3qHphCCG1gh3iHrQu9iSEJxY12zAQYtPomIs8Vk/GBfj+
ucUiBEEqaMpCH+t6f0VOIoP1SNHgNAaeBLVuOpS0VlLnwZFJkNPVOQpFgRuoFsH3
/9i53Fs3eQreb9wzq2VkjDhhlc5eyA==
-----END CERTIFICATE-----signing certificate (new)
From juli 2nd 2020
(download certificate as PEM .crt file) | -----BEGIN CERTIFICATE-----
MIIDsjCCAhoCCQDaq/SxtExjXTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBn
YXRld2F5X3NhbWxfaWRwMB4XDTIwMDQwOTExNDE1NVoXDTI1MDQwODExNDE1NVow
GzEZMBcGA1UEAwwQZ2F0ZXdheV9zYW1sX2lkcDCCAaIwDQYJKoZIhvcNAQEBBQAD
ggGPADCCAYoCggGBAL7dfZ65PjUxW9yRXRoJ0PDiSh2J0WZ792krxj00jJkyB/eF
PnVg5hTVbt85qDkkZuiK8Ym0Suzeo1PA46fRALhnajQ22GQzK1mybQIAXZbs739g
49QAnoKY+wQW205EPtuQ8Y7BqFg+fmXKKo4gTlpX3FP5PTp18no99kKcCbx8hq9E
faBKdlPOGvFJUFnTalcSm3djHnmn+/KuIMXM4HEgQ6fgHlqsJPWAxBqKBWxvQdTd
e56dr2T64qNyj7t3u54rTCaip6c3vyTB80w8CK9M5mTTqp/Z+kxqhb255UUpLW1h
zySgPfzSE4jtr05olkW+d4oMONKqYxlouUPhoUN5YBL3a1H0c8ns+hg1x5hBB5tW
QpwY34ZpH+43RflHXdJ6/MxCY7odMuvcua/4iTyRXPkPoGleqguHx9RVe/yFGa+N
vTZIo4YBoOESgcDyjU+XrlkmWmyMpYkn6TPdYMKo/bMQkFAE48JhREdpvHWpIrT1
PfUiCy/SLWy0HN0wCQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQCPrFBvw53LMd5w
2VpdmZCJuHg09uIu5F3Cy8eGg+hTLtb2CC9f66Ue/CsH4qrBFGSuBWdSBWS3fzVw
mPYbI882J7JtLXZCOyZFMVKaL2kk5D5pP8/NBCam9+cDnJ4zjYJJS3wcY2VMjH24
fNYu+Fix6p4mL8o8itTCqJhb4zz4Ft8GZigxD8DXB/jYUTHWtS5ubMs/mOwxuQ2U
E7QFdeE064TqSPpRVI8PBPxetRy5n00/JGFNou/pivUTavRMA3LZpIkxzlcddzf2
zUSaWnAGf1JoPxRWjMq5F1C/hZvW7qDX0jrYK7UE3oXi4NHrER0EUFwCS0PrDQRd
DEYs/kVZmPsMT9thR0l11B7xU8xFOaYYOdP1tCY2jqBruspx9ApnRI+es5j8Lr/q
TbILTe3pVdNgWoNIeIBj2mINQQp0O0TqXSzbWO+nLJSkbZhPZAXyX9ZP00aU4Sbn
kkGJ29xWeqSL+Jh+rUSyMFU16Ri7gHZce+3VgkgyzvSBQFjfG6U=
-----END CERTIFICATE----- | SingleSignOnService Location | https://sa-gw.surfconext.nl/second-factor-only/single-sign-on | SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect | |
Click here for the SAML 2.0 metadata for the Pilot environment.
Click here for the supported AuthenticationConextClassRef identifiers.
| Expand |
|---|
| title | Most SAML 2.0 libraries are able to use these metadata. If not, use the information here |
|---|
|
EntityID | https://gateway.pilot.stepup.surfconext.nl/authentication/metadata |
signing certificate
(download certificate as PEM .crt file) | -----BEGIN CERTIFICATE-----
MIICwjCCAaoCCQDs1IDIiytYMTANBgkqhkiG9w0BAQUFADAjMSEwHwYDVQQDDBhT
dGVwdXAgUGlsb3QgR2F0ZXdheSBJZFAwHhcNMTUwMjI3MTA0MTU5WhcNMjUwMjI0
MTA0MTU5WjAjMSEwHwYDVQQDDBhTdGVwdXAgUGlsb3QgR2F0ZXdheSBJZFAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzlSzxPhG+B+o0ulUcR499NoMh
aP4oX0+zpzi2vfY+Q1qw8x6b0eeUrIk99IpMrWN74twvuQ/eIecLZXIYhG94AYGB
620OX7KMM8oCfdjc2I0lk8d+/rsxUqH0U4DDVBryrMcLjLGwe2CMncdSBuc2LCg1
5TveClC/QW/NJ6rvDiR1GoLouqx+CLBd+z2gwC+Od7YTUVY+22XrVzatzOZuz8Wd
vja4VxHzv9Qyi6ta78ah345HWLeZsIh6pRF80qX0lpPRgwQSVXNpT8IxvoL28ViV
VGkLU5SmdS3fbfLzlL5i3jHpWFcvRGPj5z8zmVZuDAka6P80WiKDVRg7gouXAgMB
AAEwDQYJKoZIhvcNAQEFBQADggEBANlnKHackl7MfHi+0lxb/ERuMkRpIGej29RS
WL0aFojNpRjN2ihnuIjp4PPk98xQCKbVeN+PWXNqrrschbUfC5ikcYP5hoU7WJrH
AWvEwmMNy1/UzcKtSgNby8loLFRzi68R92ZTumgFEBFYow9HzgC3HvDeBpRw/qFL
ZjsYqAjezTeRtafx8NIaBtKabRr5hedwUpnzldFbPqLxR1o0B/tqcUIqJOjdpEFI
Yus7VcBI6N6T1TKB4DyfqjbgzxhS5zrE1jFeKaamRWCqKUcEUfngoxQWlKd9LSBW
RXjw0aM+P22WHdxxX/1rIneV5jVgOIlRgDO0Dpxn0qie4XnIqzo=
-----END CERTIFICATE----- |
SingleSignOnService Location | https://gateway.pilot.stepup.surfconext.nl/authentication/single-sign-on |
SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
For second factor only authentication you must use a different endpoint with different metadata.
Click here for the SAML 2.0 metadata for the SFO endpoint of the Pilot environment.
Click here for the supported AuthenticationConextClassRef identifiers.
| Expand |
|---|
| title | Most SAML 2.0 libraries are able to use these metadata. If not, use the information here |
|---|
|
The metadata above of SURFSecureID production is signed with a key that corresponds to the public key embedded in the following certificate. You can use this certificate to verify that the metadata you use from SURFsecureID is valid.
EntityID | https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata |
signing certificate
(download certificate as PEM .crt file) | -----BEGIN CERTIFICATE-----
MIICwjCCAaoCCQDs1IDIiytYMTANBgkqhkiG9w0BAQUFADAjMSEwHwYDVQQDDBhT
dGVwdXAgUGlsb3QgR2F0ZXdheSBJZFAwHhcNMTUwMjI3MTA0MTU5WhcNMjUwMjI0
MTA0MTU5WjAjMSEwHwYDVQQDDBhTdGVwdXAgUGlsb3QgR2F0ZXdheSBJZFAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzlSzxPhG+B+o0ulUcR499NoMh
aP4oX0+zpzi2vfY+Q1qw8x6b0eeUrIk99IpMrWN74twvuQ/eIecLZXIYhG94AYGB
620OX7KMM8oCfdjc2I0lk8d+/rsxUqH0U4DDVBryrMcLjLGwe2CMncdSBuc2LCg1
5TveClC/QW/NJ6rvDiR1GoLouqx+CLBd+z2gwC+Od7YTUVY+22XrVzatzOZuz8Wd
vja4VxHzv9Qyi6ta78ah345HWLeZsIh6pRF80qX0lpPRgwQSVXNpT8IxvoL28ViV
VGkLU5SmdS3fbfLzlL5i3jHpWFcvRGPj5z8zmVZuDAka6P80WiKDVRg7gouXAgMB
AAEwDQYJKoZIhvcNAQEFBQADggEBANlnKHackl7MfHi+0lxb/ERuMkRpIGej29RS
WL0aFojNpRjN2ihnuIjp4PPk98xQCKbVeN+PWXNqrrschbUfC5ikcYP5hoU7WJrH
AWvEwmMNy1/UzcKtSgNby8loLFRzi68R92ZTumgFEBFYow9HzgC3HvDeBpRw/qFL
ZjsYqAjezTeRtafx8NIaBtKabRr5hedwUpnzldFbPqLxR1o0B/tqcUIqJOjdpEFI
Yus7VcBI6N6T1TKB4DyfqjbgzxhS5zrE1jFeKaamRWCqKUcEUfngoxQWlKd9LSBW
RXjw0aM+P22WHdxxX/1rIneV5jVgOIlRgDO0Dpxn0qie4XnIqzo=
-----END CERTIFICATE----- |
SingleSignOnService Location | https://gateway.pilot.stepup.surfconext.nl/second-factor-only/single-sign-on |
SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
| Info |
|---|
On April 15th 2020 the signing certificate of SURFsecureID test will be replaced. For more information see SURFsecureID Key Rollover |
Click here for the SAML 2.0 metadata for the Test environment.
Click here for the supported AuthenticationConextClassRef identifiers.
| Expand |
|---|
| title | Most SAML 2.0 libraries are able to use these metadata. If not, use the information here |
|---|
|
EntityID | https://sa-gw.test.surfconext.nl/authentication/metadata | Metadata | https://metadata.test.surfconext.nl/surfsecureid-metadata.xml | signing
| certificate (current)
Until April 15th 2020(Download certificate as PEM .crt file) -----BEGIN CERTIFICATE-----
MIIC6jCCAdICCQCWUmXBRox3ZDANBgkqhkiG9w0BAQsFADA3MRkwFwYDVQQDDBBH
YXRld2F5IFNBTUwgSWRQMRowGAYDVQQKDBFTVVJGc2VjdXJlSUQgVEVTVDAeFw0x
ODA4MDEwODA2MjdaFw0yMzA3MzEwODA2MjdaMDcxGTAXBgNVBAMMEEdhdGV3YXkg
U0FNTCBJZFAxGjAYBgNVBAoMEVNVUkZzZWN1cmVJRCBURVNUMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3okLxR7J2re6j7/rLjEYLc7iWiELcypmFLvL
9BmCYqYZ80Pn+SR9LPUOXcplFUt6LYh/NOK5JMT0P6o0OTUP1P4zEMzLEl0wSJ1j
Bcu88yNppJoUn/TEgXMGNB1DW8jlVvzcgNSsJjxuw2Fj6J/6D+b77+7PhNMagbnf
BEFStz0RBv7JOBdzuEC71wVxlGXB7C1Y8ZF3AwZgIp0jOVdiMub9i6neaKV9ZBLS
v+azkT8BtAauMdKBpBxC+KxUFV9ccHKFnF2YOTLQ3CJNNGyQTtCJVI82fggraKnl
+by2elV3+Dmzc0iqMcAdECasSS+2E8iOqw+3Qss+RgtS7QvCdQIDAQABMA0GCSqG
SIb3DQEBCwUAA4IBAQCq/j+uXLvYDHhL7c/Y3+oj25+ur2UtZ/uSBqZIIqGlAzlC
EL/zdgDI8XmePaRLtc2hYWUH4bD5Iu8HqxrMPrdBkG/5cjbMmlhU5uV3EX7S+m89
k9vrok9+7B+uynCkMIdA/1Uif2btfEQi9hevvyP/1vvyoHqftym+ivIOyvELJNIg
dTUaqvcJy//QvkmpvSpgTvlzHSVgKkSmMoBhTmevu7lQUGYSk/Mt53Zd3WmZhev+
emS/MTKwV39JkZg7aykIRqXGVe/yTlttW/zaV9WtSIzNZfaKqASraAaClKgv8lsT
jWFv88HZrsP/UuEseIWh4NjOo5HHvHYgqN/atX3t
-----END CERTIFICATE----- | signing certificate (current)
From April 15th 2020certificat
(Download certificate as PEM .crt file) | -----BEGIN CERTIFICATE-----
MIIE8jCCA1qgAwIBAgIUD4MpAowfeNTa8dEJpJtl2r6PRDwwDQYJKoZIhvcNAQEL
BQAwgYkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdV
dHJlY2h0MRUwEwYDVQQKDAxTVVJGbmV0IEIuVi4xEzARBgNVBAsMClNVUkZjb25l
eHQxKjAoBgNVBAMMIXNhLWd3LnRlc3Quc3VyZmNvbmV4dC5ubCAyMDIwMDIyODAe
Fw0yMDAyMjgxMTU1NTVaFw0yNTAyMjgxMTU1NTVaMIGJMQswCQYDVQQGEwJOTDEQ
MA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEVMBMGA1UECgwMU1VS
Rm5ldCBCLlYuMRMwEQYDVQQLDApTVVJGY29uZXh0MSowKAYDVQQDDCFzYS1ndy50
ZXN0LnN1cmZjb25leHQubmwgMjAyMDAyMjgwggGiMA0GCSqGSIb3DQEBAQUAA4IB
jwAwggGKAoIBgQC7tTZherxOI0uI9l4aDEdZHAZb2RwGehbfGyuTzzZqDqt42YC8
MkJIa/9e3HdJw/+x3Qb7xKpqpOcFcC5Divk8RQrzdKg8eP3LqR6+x73DiCAFbMmb
O2bZMqBUggTh4vY4e+gnFchQInw9Jg5wbkt5XzxFSaujeK4n8za5qxIEk9C55D7t
RjHFwkJZoWTBl2wprRdbwSjwg+Bg7MO6MPXcNF9GFJ6IGaAJ3s7qUKVpvqAK6UH3
0Mx37EhWpgKmyLf72B+U8BOGDX7X2NHnHPD5qZQJyhqDLbmcEsUCYn7WozoKCibI
KQIEZAdUgb9TAbUO5c5eW+dSD61RRJ97Q4/DM9Bp+6Z+I/6h26i/h5MrSmrRNYDQ
cmd8kkKGop/0a08IIcTVL56X2oIJckWX3GLZDmRpssp4vI4REEy55P8EoyD943ug
Pn4s6p+88cS2cAlARjV0vehNNmPkTlly1UyZ0oY5ljyvy3aadMdE1aLbdRW4axEb
O4iZ/+Ym/EnfTncCAwEAAaNQME4wHQYDVR0OBBYEFFvR/86aQkE4Icbcm9XAz6Pm
bHVCMB8GA1UdIwQYMBaAFFvR/86aQkE4Icbcm9XAz6PmbHVCMAwGA1UdEwQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggGBAARz8fvcwPEIU0pYAkOCzHhJWDzPf1Q5EAaD
Fs6I1Zi7D8DN14dVjyOed61IaFMnhrv8IP0TdRLx0dgrj52ywaaDgN2MhRUCG4vD
M34tca5KCdRO8AtgAZWYs3Td2Kjg+mkXyGwWIacpFzzTImflWt+dwZI0+I+y4/4g
TwvC6RSuLzo1vXmtOZMkH57uTxAYeGy12vtmggMi64MlMmm/cwrxVQpQ6CClVmWu
nUGaWG1MVcBt9MINLmJrCicFtegtw3i+euRH8K5SjIj702ChF+mXRqUCk+8q2Tsb
zo+1EjASZTxR9HlndjUzFhXadfUMD5ZldFsFEsfP7Nv57rCoS3WAcsGjXETsclZH
H+vHg4wHOXnBUiVIHB22+xxGCCfl0X+WLnjonF50in/yfD7AZJbPIpbqLzuxdojd
UAjXZnlW6ngnW58Qyj1IFvTW8kDmrBEPM1jc+KoPHg94lqrSF2CT6uU3gjQN+aPm
/zBnSil4Dx2aub9LOcTC5on3519edw==
-----END CERTIFICATE----- | SingleSignOnService Location | https://sa-gw.test.surfconext.nl/authentication/single-sign-on | SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect | |
You can use Onegini as an IdP for testing.
For second factor only authentication you must use a different endpoint with different metadata.
Click here for the SAML 2.0 metadata for the SFO endpoint of the Test environment.
Click here for the supported AuthenticationConextClassRef identifiers.
| Expand |
|---|
| title | Most SAML 2.0 libraries are able to use these metadata. If not, use the information here |
|---|
|
EntityID | https://sa-gw.test.surfconext.nl/second-factor-only/metadata | signing certificate
|
Until April 15th 2020(Download certificate as PEM .crt file) | -----BEGIN CERTIFICATE----- |
MIIC6jCCAdICCQCWUmXBRox3ZDANBgkqhkiG9w0BAQsFADA3MRkwFwYDVQQDDBBH
YXRld2F5IFNBTUwgSWRQMRowGAYDVQQKDBFTVVJGc2VjdXJlSUQgVEVTVDAeFw0x
ODA4MDEwODA2MjdaFw0yMzA3MzEwODA2MjdaMDcxGTAXBgNVBAMMEEdhdGV3YXkg
U0FNTCBJZFAxGjAYBgNVBAoMEVNVUkZzZWN1cmVJRCBURVNUMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3okLxR7J2re6j7/rLjEYLc7iWiELcypmFLvL
9BmCYqYZ80Pn+SR9LPUOXcplFUt6LYh/NOK5JMT0P6o0OTUP1P4zEMzLEl0wSJ1j
Bcu88yNppJoUn/TEgXMGNB1DW8jlVvzcgNSsJjxuw2Fj6J/6D+b77+7PhNMagbnf
BEFStz0RBv7JOBdzuEC71wVxlGXB7C1Y8ZF3AwZgIp0jOVdiMub9i6neaKV9ZBLS
v+azkT8BtAauMdKBpBxC+KxUFV9ccHKFnF2YOTLQ3CJNNGyQTtCJVI82fggraKnl
+by2elV3+Dmzc0iqMcAdECasSS+2E8iOqw+3Qss+RgtS7QvCdQIDAQABMA0GCSqG
| SIb3DQEBCwUAA4IBAQCq/j+uXLvYDHhL7c/Y3+oj25+ur2UtZ/uSBqZIIqGlAzlC
EL/zdgDI8XmePaRLtc2hYWUH4bD5Iu8HqxrMPrdBkG/5cjbMmlhU5uV3EX7S+m89
k9vrok9+7B+uynCkMIdA/1Uif2btfEQi9hevvyP/1vvyoHqftym+ivIOyvELJNIg
dTUaqvcJy//QvkmpvSpgTvlzHSVgKkSmMoBhTmevu7lQUGYSk/Mt53Zd3WmZhev+
emS/MTKwV39JkZg7aykIRqXGVe/yTlttW/zaV9WtSIzNZfaKqASraAaClKgv8lsT
jWFv88HZrsP/UuEseIWh4NjOo5HHvHYgqN/atX3t
-----END CERTIFICATE-----signing certificate (current)
From April 15th 2020
(Download certificate as PEM .crt file) | -----BEGIN CERTIFICATE-----
MIIE8jCCA1qgAwIBAgIUD4MpAowfeNTa8dEJpJtl2r6PRDwwDQYJKoZIhvcNAQEL
BQAwgYkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdV
dHJlY2h0MRUwEwYDVQQKDAxTVVJGbmV0IEIuVi4xEzARBgNVBAsMClNVUkZjb25l
eHQxKjAoBgNVBAMMIXNhLWd3LnRlc3Quc3VyZmNvbmV4dC5ubCAyMDIwMDIyODAe
Fw0yMDAyMjgxMTU1NTVaFw0yNTAyMjgxMTU1NTVaMIGJMQswCQYDVQQGEwJOTDEQ
MA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEVMBMGA1UECgwMU1VS
Rm5ldCBCLlYuMRMwEQYDVQQLDApTVVJGY29uZXh0MSowKAYDVQQDDCFzYS1ndy50
ZXN0LnN1cmZjb25leHQubmwgMjAyMDAyMjgwggGiMA0GCSqGSIb3DQEBAQUAA4IB
jwAwggGKAoIBgQC7tTZherxOI0uI9l4aDEdZHAZb2RwGehbfGyuTzzZqDqt42YC8
MkJIa/9e3HdJw/+x3Qb7xKpqpOcFcC5Divk8RQrzdKg8eP3LqR6+x73DiCAFbMmb
O2bZMqBUggTh4vY4e+gnFchQInw9Jg5wbkt5XzxFSaujeK4n8za5qxIEk9C55D7t
RjHFwkJZoWTBl2wprRdbwSjwg+Bg7MO6MPXcNF9GFJ6IGaAJ3s7qUKVpvqAK6UH3
0Mx37EhWpgKmyLf72B+U8BOGDX7X2NHnHPD5qZQJyhqDLbmcEsUCYn7WozoKCibI
KQIEZAdUgb9TAbUO5c5eW+dSD61RRJ97Q4/DM9Bp+6Z+I/6h26i/h5MrSmrRNYDQ
cmd8kkKGop/0a08IIcTVL56X2oIJckWX3GLZDmRpssp4vI4REEy55P8EoyD943ug
Pn4s6p+88cS2cAlARjV0vehNNmPkTlly1UyZ0oY5ljyvy3aadMdE1aLbdRW4axEb
O4iZ/+Ym/EnfTncCAwEAAaNQME4wHQYDVR0OBBYEFFvR/86aQkE4Icbcm9XAz6Pm
bHVCMB8GA1UdIwQYMBaAFFvR/86aQkE4Icbcm9XAz6PmbHVCMAwGA1UdEwQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggGBAARz8fvcwPEIU0pYAkOCzHhJWDzPf1Q5EAaD
Fs6I1Zi7D8DN14dVjyOed61IaFMnhrv8IP0TdRLx0dgrj52ywaaDgN2MhRUCG4vD
M34tca5KCdRO8AtgAZWYs3Td2Kjg+mkXyGwWIacpFzzTImflWt+dwZI0+I+y4/4g
TwvC6RSuLzo1vXmtOZMkH57uTxAYeGy12vtmggMi64MlMmm/cwrxVQpQ6CClVmWu
nUGaWG1MVcBt9MINLmJrCicFtegtw3i+euRH8K5SjIj702ChF+mXRqUCk+8q2Tsb
zo+1EjASZTxR9HlndjUzFhXadfUMD5ZldFsFEsfP7Nv57rCoS3WAcsGjXETsclZH
H+vHg4wHOXnBUiVIHB22+xxGCCfl0X+WLnjonF50in/yfD7AZJbPIpbqLzuxdojd
UAjXZnlW6ngnW58Qyj1IFvTW8kDmrBEPM1jc+KoPHg94lqrSF2CT6uU3gjQN+aPm
/zBnSil4Dx2aub9LOcTC5on3519edw==
-----END CERTIFICATE----- | SingleSignOnService Location | https://sa-gw.test.surfconext.nl/second-factor-only/single-sign-on | SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect | |
You can use Onegini as an IdP for testing.use eduID to test SPs.
The metadata above of SURFSecureID test is signed with a key that corresponds to the public key embedded in the following certificate. You can use this certificate to verify that the metadata you use from SURFsecureID is valid.