This page is not yet complete. Please check back soon.

In the mean time, please refer to this page: https://wiki.edugain.org/How_to_offer_a_service_in_eduGAIN#G._Adapt_Access_Control_Rules

Please note: think carefully about which attributes you require or request from Identity Providers. Generally speaking, the more you need the more hesitant Identity Providers are when it comes to connecting to your service. For example, to uniquely identify users you can opt to use eduPersonPrincipalName. However, this attribute contains a lot of personally identifiable information. Instead, it would be better (from a privacy point of view) to use the SAML NameID (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). Check the 'User Identifiers' paragraph on the Attributes in SURFconext page for more info.