Users without an institutional account can login via the guest Identity Provider Onegini. To allow for this, your administrative contact person must request SURFconext (support@surfconext.nl) to enable guest access.
By doing so, every Onegini user can potentially login to your service, unless your service contains an authorisation mechanism.
With Onegini users can login with their social account (Facebook, Twitter, LinkedIn or Google). Also a Onegini specific account may be created for users who do not want to use their social account.
Use Onegini to test strong authentication
In the Test, Pilot and Production environments SP's can use Onegini to test strong authentication for their application. The following attributes are available:
Friendly name | Attribute name | Value |
---|---|---|
SURFconext ID | urn:oid:1.3.6.1.4.1.1076.20.40.40.1 | urn:collab:person:surfguest.nl:<uid> |
uid | urn:mace:dir:attribute-def:uid | Previous SURFguest username when this is a migrated account. Otherwise generated by Onegini. |
Surname | Registered surname | |
Given name | Registered first name | |
Common name | Registered common name | |
Display name | urn:mace:dir:attribute-def:displayName | Same as common name |
Email address | urn:mace:dir:attribute-def:mail | Registered email address |
Organization | urn:mace:terena.org:attribute-def:schacHomeOrganization | surfguest.nl |
PrincipalName | urn:mace:dir:attribute-def:eduPersonPrincipalName | <uid>@surfguest.nl |
There is no attribute that shows which authentication provider (Facebook, Google, LinkedIn, Twitter) the user used.