Federation architecture

SURFconext is a hub-and-spoke federation, which means all Identity Providers are only connected to a single Service Provider (namely: SURFconext) and all Service Providers are connected to a single Identity Provider (namely: SURFconext). However, an exception is made for Service Providers who offer their service through eduGAIN. Those entities must support mesh architecture. So if you are an Identity Provider from another federation and you would like to connect to a Service Provider from SURFconext, the hub is not involved. Instead, you connect to the Service Provider directly, which is normal in a mesh federation and most likely business as usual for you.

Common attributes in SURFconext

Service Providers in SURFconext often use these attributes:

• urn:mace:terena.org:attribute-def:schacHomeOrganization
• urn:mace:dir:attribute-def:eduPersonPrincipalName
• urn:mace:dir:attribute-def:eduPersonTargetedID
• urn:mace:dir:attribute-def:displayName
• urn:mace:dir:attribute-def:mail

So make sure your Identity Provider is configured to release these attributes. For more info, please look at our detailed attributes page.

Privacy

All Service Providers connected to SURFconext have signed agreements that are as strict as the Code of Conduct.