...
...
...
Image Removed
|
We have a test and production environment your service can connect with. You will start with defining your service in our Test environment, to verify it works as expected. This environment is standardized and in close alignment with the production environment. After you have requested to publish the service to production and if we confirm all requirements are met, such as the necessary contracts and TLS requirements, we will accept the service to be deployed to our Production environment making it available to all users of SURFconext. This page outlines the differences between these environments.
SURFconext Ecosystem
|
| SURFconext Test |
| SURFconext Production | | Test mode | Production mode |
|
|
...
| - Environment for testing purposes only
- Test with test/diy
|
|
|
...
...
...
- ldP's
- Do not use (privacy) sensitive information
- No contract necessary
- New SP's can be configured via Selfservice
|
|
|
...
...
- ldP metadata (see below)
- No SLA
- Every IdP is by default connected to every available SP and the way around
| - Contract need to be in place
- Holds privacy sensitive information from institutional users
- Production IdP’s available only
- Uses specific IdP metadata (see below)
- SSL Labs Rating B or Higher
| SAML IdP metadata:
https:// |
|
|
...
...
...
SURFconext Production:
The SURFconext production environment has been split into two seperate sub-environments (modes). A Staging and a production mode. IdPs and SPs which are configured in the staging mode can't connect to production mode and vice versa.
SURFconext Production staging mode:
- For short staging testing before going to production
- Test IdP's available only
- Uses specific IdP metadata (see below)
| Info |
|---|
Please note that SURFconext acts as an identity provider to services and is the only IdP a service connects to. That is why you use the IdP Metadata links as stated in the table above. |
SURFconext Test environment- For testing purposes only.
- Test with the SURFconext test IdP's or institutions test IdP's (if available) that have fictitious accounts.
- No contract necessary.
- Do not use (privacy) sensitive information
- New SP's can be configured via Selfservice SP-Dashboard.
- SAML Specific IdP metadata needed that refers to and connects with the SURFconext test environment.
- OpenID Connect: specific .well-known endpoint that refers to our test environment.
SURFconext Production environment |
|
...
- Contracts need to be in place
- Holds privacy sensitive information from institutional users
- Production IdP's available only
|
|
...
Metadata to be used for this environment (both modes) can be found here: https://engine.surfconext.nl/authentication/idp/metadata
...
- Available IdPs: SURFconext Production IdPs in Production mode
- Available SPs: SURFconext Production SPs in Production mode
- Institution contact must authorise connection of institution IdP to SURFconext SA Pilot
- Institution contact must authorise connection between IdP and SP
- OneGINI guest IdP is available.
SURFconext Strong Authentication Production:
- Available IdPs: SURFconext Production IdPs in Production mode
- Available SPs: SURFconext Production SPs in Production mode
- Institution contact must authorise connection of institution IdP to SURFconext SA Pilot
- Institution contact must authorise connection between IdP and SP
Actions IdP's can take to test servicesSome Institutions/IdP's want to test services before a service is connected in Production Mode, with identities the institution controls. Institutions that want to do so are recommended to configure a test IdP and request the SURFconext team to connect that test IdP to the SURFconext test environment. Back to startContinue to connect your service with our step by step guide. |
| Column |
|---|
| Navigate | Page Tree |
|---|
| root | Documentation for Service Providers |
|---|
| searchBox | true |
|---|
|
|
|
...