...
- A service provider must be registered at the SA gateway as either SFO SP or a standard SP. This registration determines which endpoint the SP is allowed to access. Should an SP implementation have the need to use both the SFO and the standard endpoint simultaneously, it can register an additional EnityID and use that to access the other endpoint.
- A whitelist is applied to the SURFconext identities for which a SP may initiate a SFO authentication. A SP must indicate in advance to SURFconext support the institutions from which it wants to authenticate users using SFO.
Example Implementation
An example code for using SFO with SimpleSAMLphp can be found at: https://github.com/SURFnet/Stepup-SFO-demo