Procedure
The procedure for connecting to SURFconext as an IdP is as follows:
- Request that your IdP be added to SURFconext by sending an email to surfconext-beheer@surfnet.nl
- Your request will be evaluated
- When your request is accepted by SURFconext, send the necessary information (see below) to surfconext-beheer@surfnet.nl
- Add the SURFconext metadata to your IdP configuration.
- SURFconext will add you as an IdP and will notify you when this is done
- Verify correct configuration by logging in to an SP
- Have the status of your IdP changed to production by emailing surfconext-beheer@surfnet.nl
Necessary information
When a SURFnet institution wants to connect to SURFconext as an IdP, the following information needs to be provided by the institution:
- IdP SAML2 metadata. The IdP metadata should at least contain the following information:
  - SingleSignOnService element with Binding and Location
  - x509 certificate that is used for signing messages
- Extra information describing your institution, fields marked with a * are mandatory:

| Information | Example value | Description |
|---|---|---|
| url * | | The URL of the institution (usually points to the institution's homepage) |
| organization:OrganizationName:nl * | Universiteit van Monnickendam | Dutch name of the organisation running the IdP |
| organization:OrganizationName:en * | University of Monnickendam | English name of the organisation running the IdP |
| organization:OrganizationDisplayName:nl * | Universiteit van Monnickendam | Dutch name suitable for display purposes of the organisation running the IdP |
| organization:OrganizationDisplayName:en * | University of Monnickendam | English name suitable for display purposes of the organisation running the IdP |
| logo * | universiteitvanmonnickendam.gif | The logo of the IdP that users who want to log in will recognize as representing their institution. The logo should be delivered in GIF, JPG or PNG format with a maximum size of 108 x 48 pixels (width x height). A URL to an image is acceptable, but this image will be copied to a SURFconext location. Any updates to this image after the IdP registration is complete will not be processed. |
| logo width | 107 | Width of the logo in pixels (maximum 108 pixels) |
| logo height | 51 | Height of the logo in pixels (maximum 48 pixels) |
| keywords:nl * | universiteit monnickendam uvm | Dutch keywords users can use when searching for a specific IdP |
| keywords:en * | university monnickendam uvm | English keywords users can use when searching for a specific IdP |

Configuring SURFconext as an SP in your IdP
The following attributes must be sent to SURFconext in the SAML assertion:
- urn:mace:dir:attribute-def:uid
- urn:mace:terena.org:attribute-def:schacHomeOrganization

The following attributes are also supported, and may be useful to service providers (and SURFconext itself) as well:
- urn:mace:dir:attribute-def:displayName
- urn:mace:dir:attribute-def:mail