SURFconext also supports OpenID Connect (OIDC) for Service Providers (or Relying Party in OIDC terminology. For the sake of consistency, the term Service Provider will be used onwards). OIDC has several advantages in comparison with SAML:

There are also some attention points:

If you intend to enable your Service Provider for that use case, SAML is for you.

A schematic overview of the OpenID Connect authentication flow can be found on this page: OpenID Connect authentication flow.

More information on the features of the OIDC gateway can be found here

Ready to connect to SURFconext? Please continue at Preparation with OpenID Connect.


We strongly advise you not to build your own OpenID Connect implementation, but use one of the products already available. 
The official OpenID website provides a nice overview of certified and uncertified implementations.