...

  1. Be sure that your service is configured in SURFconext (Production or Test environment).
  2. Request a SAML 2.0 metadata file containing all IdPs that are connected to your service from https://engine.surfconext.nl/authentication/proxy/idps-metadata?sp-entity-id=SP-ENTITY-ID (replace SP-ENTITY-ID with your EntityID as found in your metadata).
  3. You will receive an up-to-date list of (1) your own Service Provider metadata and (2) the metadata of all IdPs that are connected to your service.
  4. Configure the metadata in your Service Provider directly, or use it (e.g. with XPath) to extract the display names and SSO locations of the IdPs to present in your WAYF.
    For any IdP the SSO location points to a SURFconext endpoint, but with a specific identifier at the end. This identifier instructs SURFconext to forward the authentication request to the requested IdP. This way, SURFconext is still in the middle of the traffic (as a proxy), even though you use your own WAYF selection page.
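
The extraction in step 4, as an added Python example (not SURFconext's own code): it skips your own SP entry, reads each IdP's display name and SSO location, and leaves out any IdP whose SSO location is not HTTPS. The sample metadata and its URLs are constructed, and reading the name from `mdui:DisplayName` and the endpoint from the HTTP-Redirect binding are assumptions about the file's layout.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample (not real SURFconext output): one SP, two IdPs.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
 <md:EntityDescriptor entityID="https://sp.example.org/metadata">
  <md:SPSSODescriptor/>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-a.example.org/saml">
  <md:IDPSSODescriptor>
   <md:Extensions><mdui:UIInfo>
    <mdui:DisplayName xml:lang="en">University A</mdui:DisplayName>
    <mdui:DisplayName xml:lang="nl">Universiteit A</mdui:DisplayName>
   </mdui:UIInfo></md:Extensions>
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="https://proxy.example.org/sso/constructed-id-a"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-b.example.org/saml">
  <md:IDPSSODescriptor>
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="http://proxy.example.org/sso/constructed-id-b"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def wayf_entries(metadata_xml, lang="en"):
    """Return [(entityID, display name, SSO URL)] for IdPs safe to list in a WAYF."""
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in metadata")
    entries = []
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:  # your own SP entry is in the file too; skip it
            continue
        sso = next((s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)
                    if s.get("Binding") == REDIRECT), "")
        if not sso.startswith("https://"):  # never send users to a non-TLS endpoint
            continue
        names = {n.get(XML_LANG): n.text for n in idp.iter("{%s}DisplayName" % NS["mdui"])}
        entries.append((entity.get("entityID"), names.get(lang) or entity.get("entityID"), sso))
    return entries
```

When no display name exists in the requested language, the entry falls back to the IdP's entityID so the WAYF never shows an empty label.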

Example of the metadata file:

...