• Created by Unknown User (urn:collab:person:surfguest.nl:d09fa6a3-58f5-48a7-aa62-17f02489c888) on Tue 06 Dec 2016

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

To have more control over the IP Discovery and the look and feel of the WAYF selection page, you can integrate a WAYF page in your service. You can arrange this as follows:

  1. Be sure that your service is configured in SURFconext (Production or Test environment).
  2. Request a SAML 2.0 metadata file with all Identity Providers that have been coupled with your service (https://engine.surfconext.nl/authentication/proxy/idps-metadata?sp-entity-id=SP-ENTITY-ID (replace SP-ENTITY-ID with your EntityID as found in your metadata)).
  3. You will receive an actual list of 1) your own Service Provider metadata (included for services that use Shibboleth software) and (2) metadata of all the Identity Providers that have allowed access to your service.

An example of the response to the IdPs metadata for the "https://test.test.nl" entity is show below.

<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:2.0:metadata:ui" ID="CORTO6d017189c6bcd01c19935006ce6b32e89e29b4a3"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#CORTO6d017189c6bcd01c19935006ce6b32e89e29b4a3"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>L8ANkHPH4msXsIUFptAMeNTuMzQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>kSE6aUY74Y1P/B6ZDY4s6F3AEpCv0t/z9fyyhUmPZctfshkiyK53vz8lKfmgiUlOk2c4+dXVPlVQqzeVgW2lDKycdWhkjSQnybBNPrBYlvlEPMJHO4p83IEOMGXh7yS6a8OjNc9qLTikVQnxwfV3xAZGxZ0AZVSJM9WhkqRMJGAK7xMcttM77cIy06ZRpNDb5e36Fb6dLHHAJ3JICd9CEHqdP3WKB2rO2wDGxrkIx/6ynnM1YCFbWvpGU+dGT6/r7YTU9q89UdU2cYMTP1t4KSl/BOMJflnwlAEmFxcxn4FGKny9cRpzhu0nvmtk02cK8T/pYboWWEqG6ooTIEM3Yw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate></ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<md:EntityDescriptor validUntil="2012-05-31T22:00:00Z" entityID="https://test.test.nl"><md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://engine.surfconext.nl/authentication/sp/consume-assertion/7f301d787aa6ea235a8b86434d39aa41" index="1"/></md:SPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor validUntil="2012-06-01T10:36:28Z" entityID="http://www.surf.nl/test"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:Extensions><mdui:DisplayName xml:lang="en">SURFnet BV - This IdP is for testing only</mdui:DisplayName><mdui:DisplayName xml:lang="nl">SURFnet BV - This IdP is for testing only</mdui:DisplayName><mdui:Description xml:lang="en">SURFnet BV - This IdP is for testing only</mdui:Description><mdui:Description xml:lang="nl">SURFnet BV - This IdP is for testing only</mdui:Description><mdui:Logo height="60" width="120">https://wayf.surf.nl/federate/surfnet/img/logo/surfnet.png</mdui:Logo><mdui:Keywords xml:lang="en">SURFNET</mdui:Keywords><mdui:Keywords xml:lang="nl">SURFNET</mdui:Keywords></md:Extensions><md:KeyDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate></ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate></ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://engine.surfconext.nl/authentication/idp/single-sign-on/dedd75c2157a751113666d7888b2f2cd"/></md:IDPSSODescriptor></md:EntityDescriptor>
  • No labels