
Production environment

The SAML 2.0 metadata for the SURFconext Strong Authentication gateway production environment can be found at:

https://sa-gw.surfconext.nl/authentication/metadata

The Onegini IdP may be used for testing by SPs without a regular institution's account. Refer to Using Onegini as IdP for testing SPs.

Most SPs will first want to test their connection and will therefore connect to our pilot environment first (see below).

Most SAML 2.0 libraries will be able to use this metadata to set up the connection to the gateway. If not, you can use the information below:

EntityID: https://sa-gw.surfconext.nl/authentication/metadata
Signing certificate:
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
SingleSignOnService Location: https://sa-gw.surfconext.nl/authentication/single-sign-on
SingleSignOnService Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

Pilot environment

The SAML 2.0 metadata for the SURFconext Strong Authentication gateway pilot environment can be found at:

https://gateway.pilot.stepup.surfconext.nl/authentication/metadata

Most SAML 2.0 libraries will be able to use this metadata to set up the connection to the gateway. If not, you can use the information below:

EntityID: https://gateway.pilot.stepup.surfconext.nl/authentication/metadata
Signing certificate:
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
SingleSignOnService Location: https://gateway.pilot.stepup.surfconext.nl/authentication/single-sign-on
SingleSignOnService Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

 

How to test your SP connection on the pilot environment using the Onegini IdP

Developers who want to test how their SP works in combination with the SURFconext Strong Authentication Gateway pilot environment must follow this procedure:

  1. If you do not have one already: register a Onegini account
  2. Make sure you complete Onegini's verification process for your mail address, as a mail address is required for registering a strong authentication token
  3. Go to https://selfservice.pilot.stepup.surfconext.nl/ and log in with your Onegini account
  4. Request a second factor authentication token (choose SMS, tiqr or YubiKey) and complete the self-registration process until you reach step 4 "Activation code"
  5. Contact us via support@surfconext.nl to schedule an appointment for the completion of the registration process. This will only take 5 minutes max. and can best be done by telephone or Skype call, so please send us your contact details, such as phone number and/or Skype_ID, so we can contact you.
  6. During this appointment: make sure you have your Activation code, your second factor authentication token (SMS, tiqr or YubiKey) and ID ready.
  7. One of the authorized SURFnet employees will then verify that you are in possession of the registered second factor authentication token (SMS, tiqr or YubiKey) that is associated with the activation code, will verify your identity and will activate your token.
  8. You can now log in on your own SP using your activated second factor authentication token (SMS, tiqr or YubiKey)

NB: This procedure will only work on our pilot environment. For the production environment a stricter policy is applied. Please refer to Using Onegini as IdP for testing SPs.
