When you decide to use SAML you will have to make sure that your service supports the following:

• Security Assertion Markup Language 2.0 (more precisely the saml2int profile v0.2.1).
• HTTPS for all SAML 2.0 endpoints (with -for production- a score of at least B on SSLlabs).

If your service already supports SAML 2.0, you can go to the next step and connect to our test environment. Otherwise, you will have to implement SAML support by integrating an existing SAML-product in your application. It is strongly advised not to implement a SAML library by yourself or write your own SAML implementation. Please use SimpleSAMLphp or Shibboleth.

SimpleSAMLphp

SimpleSAMLphp is an application written in native PHP that deals with authentication. The main focus is providing support for:

• SAML 2.0 as a Service Provider (SP)
• SAML 2.0 as an Identity Provider (IdP)

So, if your application is written in PHP, you should use SimpleSAMLphp. Follow the documentation as found on SimpleSAML.org. Read the following to prepare your service:

• SimpleSAMLphp Service Provider QuickStart
• SimpleSAMLphp mailing lists
• Follow our step-by-step guide to configure your first SimpleSAMLphp enabled service

Shibboleth

If your application is not written in PHP, you should use Shibboleth. Shibboleth extends your web server such as Apache HTTPd or Microsoft IIS with SAML functionality and leverages existing httpd server functionality to share SAML authentication information with a web application. You will find more here:

• Shibboleth wiki
• Mailing lists
• Follow our step-by-step guide to configure your first SAML enabled Shibboleth service
• Follow our step-by-step guide to integrate SAML and Shibboleth in your JAVA application.

Attributes

Most services require extra information about the authenticated user, such as a name, email address or affiliation. This extra information comes in the form of attributes. In SURFconext, the user authenticates at his Identity Provider - this all happens using SAML. Read this page to see which attributes are available for use within your service.

SAML Tutorials

Read our SAML tutorials to setup your (first) service with SAML. We have depicted several examples so you can start federated authentication with Wordpress, PHP, Shibboleth, etc. You can also use these pages to check your config and debug your service.

Next step

As a next step, you probably want to connect to the SURFconext Test environment to test your SAML implementation or return to our step by step guide to continue.

Navigate