Info: The SURFsecureID Production and Test environments use different AuthnContextClassRef identifiers.
Info: On July 2nd 2020 the signing certificate of SURFsecureID production was replaced. For more information see SURFsecureID Key Rollover.
Info: The metadata of the SURFsecureID production environment was moved to a new location. All metadata is now hosted on https://metadata.surfconext.nl.
Click here for the SAML 2.0 metadata for the Production environment.
Click here for the supported AuthnContextClassRef identifiers.
Most SAML 2.0 libraries are able to use these metadata. If not, use the information here:

| Field | Value |
|---|---|
| EntityID | https://sa-gw.surfconext.nl/authentication/metadata |
| Metadata | https://metadata.surfconext.nl/surfsecureid-metadata.xml |
| signing certificate | Published in the metadata document above |
| SingleSignOnService Location | https://sa-gw.surfconext.nl/authentication/single-sign-on |
| SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |

You can use Onegini for testing.
For Second Factor Only (SFO) authentication you must use a different endpoint with different metadata.
Click here for the SAML 2.0 metadata for the SFO endpoint of the production environment.
Click here for the supported AuthnContextClassRef identifiers.
Most SAML 2.0 libraries are able to use these metadata. If not, use the information here:

| Field | Value |
|---|---|
| EntityID | https://sa-gw.surfconext.nl/second-factor-only/metadata |
| Metadata | https://metadata.surfconext.nl/surfsecureid-sfo-metadata.xml |
| signing certificate | Published in the metadata document above |
| SingleSignOnService Location | https://sa-gw.surfconext.nl/second-factor-only/single-sign-on |
| SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |

The SURFsecureID production metadata above is signed with a key that corresponds to the public key embedded in the following certificate. You can use this certificate to verify that the metadata you use from SURFsecureID is valid.
Info: On April 15th 2020 the signing certificate of SURFsecureID test will be replaced. For more information see SURFsecureID Key Rollover.
Info: The metadata of the SURFsecureID test was moved to a new location. All metadata is now hosted on https://metadata.test.surfconext.nl.
Click here for the SAML 2.0 metadata for the Test environment.
Click here for the supported AuthnContextClassRef identifiers.
Most SAML 2.0 libraries are able to use these metadata. If not, use the information here:

| Field | Value |
|---|---|
| EntityID | https://sa-gw.test.surfconext.nl/authentication/metadata |
| Metadata | https://metadata.test.surfconext.nl/surfsecureid-metadata.xml |
| signing certificate | Download certificate as PEM .crt file |
| SingleSignOnService Location | https://sa-gw.test.surfconext.nl/authentication/single-sign-on |
| SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |

You can use Onegini as an IdP for testing.
For second factor only authentication you must use a different endpoint with different metadata.
Click here for the SAML 2.0 metadata for the SFO endpoint of the Test environment.
Click here for the supported AuthnContextClassRef identifiers.
Most SAML 2.0 libraries are able to use these metadata. If not, use the information here:

| Field | Value |
|---|---|
| EntityID | https://sa-gw.test.surfconext.nl/second-factor-only/metadata |
| signing certificate | Download certificate as PEM .crt file |
| SingleSignOnService Location | https://sa-gw.test.surfconext.nl/second-factor-only/single-sign-on |
| SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |

You can use eduID to test SPs.
The SURFsecureID test metadata above is signed with a key that corresponds to the public key embedded in the following certificate. You can use this certificate to verify that the metadata you use from SURFsecureID is valid.
...