Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you have gotten this far you or your colleague probably want to continue with the technical part. Roughly speaking, the technical part of connecting to SURFconext consists of these steps:

  1. For starters you will need to prepare your service to support one of the open standards SURFconext uses for authentication. These are SAML or OpenID Connect. You will need to implement the appropriate features to make your service work with SURFconext.
  2. Then you will connect your service to our Test environment so you can test with identity providers that have fictional, unverified user profiles. This will allow you to technically prepare your service for use with SURFconext. Using the test environment will also get you familiar with attributes or claims.
  3. If you are done testing you will request promotion of the connection to the Production Environment. SURF will review the connection and check if the contractual part is done and all technical and privacy requirements are fulfilled. If we have found everything to be OK, we will send an invite to the institution(s) you have stated you want the connect with.


    At this point ,  the technical process is done and it is important to realize that the service will not be connected until the invitation to connect has been approved by the 'SURFconextresponsible' person. This person will want to know who initiated this at their institution and will assess the attributes that are released. Make sure you have the contact details of the persons with whom you have had contact at the institutions at hand, name and email address. We will refer to them in the connection request. This speeds up the connection processthe institution (Identity Provider) needs to be connect to your service. This requires some action from our side as well as the institution. Generally, if we know which institutions are going to use the service, we will inform them to release the requested attributes. Keep a list at hand with the institutions you want to connect to as well as contacts, name and email, we can refer to when sending the connection invite. This speeds up the process considerably.

  4. You can decide whether you want to allow access by non Dutch IdP's by connecting your service to eduGAIN


Page Tree
rootDocumentation for Service Providers