The procedure for connecting to SURFconext as an IDP that is not already part of the SURFfederatie is:
When a SURFnet institution wants to connect to SURFconext as an IDP, the following information needs to be provided by the institution:
| Information | Example value | Description |
|---|---|---|
| url * | | The URL of the institution (usually points to the institution's homepage) |
| organization:OrganizationName:nl * | Universiteit van Monnickendam | Dutch name of the organisation running the IDP |
| organization:OrganizationName:en * | University of Monnickendam | English name of the organisation running the IDP |
| organization:OrganizationDisplayName:nl * | Universiteit van Monnickendam | Dutch name suitable for display purposes of the organisation running the IDP |
| organization:OrganizationDisplayName:en * | University of Monnickendam | English name suitable for display purposes of the organisation running the IDP |
| logo * | universiteitvanmonnickendam.gif | The logo of the IDP that users who want to log in will recognize as representing their institution. The logo should be delivered in GIF, JPG or PNG format with a maximum size of 108 x 48 pixels (width x height). A URL to an image is acceptable, but this image will be copied to a SURFconext location. Any updates to this image after the IDP registration is complete will not be processed. |
| logo width | 107 | Width of the logo in pixels (maximum 108 pixels) |
| logo height | 51 | Height of the logo in pixels (maximum 48 pixels) |
| logo href * | ? | |
| keywords:nl * | universiteit monnickendam uvm | Dutch keywords users can use when searching for a specific IDP |
| keywords:en * | university monnickendam uvm | English keywords users can use when searching for a specific IDP |
The following attributes must be sent to SURFconext in the SAML assertion:
The following attributes are also supported:
Assuming your simpleSAMLphp is connected to your local LDAP, you need to modify the attribute names by adding the "urn" prefix and make schacHomeOrganization available.
The following can be configured in /path/to/simplesamlphp/metadata/saml20-sp-remote.php:
```php
$metadata['https://engine.surfconext.nl/authentication/sp/metadata'] = array (
    'AssertionConsumerService' => 'https://engine.surfconext.nl/authentication/sp/consume-assertion',
    'authproc' => array(
        /* add schacHomeOrganization attribute */
        10 => array(
            'class' => 'core:AttributeAdd',
            'schacHomeOrganization' => 'frkosp.wind.surfnet.nl',
        ),
        /* add the 'urn' prefix to all supported attributes (if provided) */
        20 => array(
            'class' => 'core:AttributeMap',
            'uid' => 'urn:mace:dir:attribute-def:uid',
            'sn' => 'urn:mace:dir:attribute-def:sn',
            'givenName' => 'urn:mace:dir:attribute-def:givenName',
            'cn' => 'urn:mace:dir:attribute-def:cn',
            'displayName' => 'urn:mace:dir:attribute-def:displayName',
            'mail' => 'urn:mace:dir:attribute-def:mail',
            'eduPersonPrincipalName' => 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
            'eduPersonEntitlement' => 'urn:mace:dir:attribute-def:eduPersonEntitlement',
            'eduPersonAffiliation' => 'urn:mace:dir:attribute-def:eduPersonAffiliation',
            'schacHomeOrganization' => 'urn:mace:terena.org:attribute-def:schacHomeOrganization',
        ),
    ),
);
```
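One way to verify the outcome of this configuration, as an added example that is not part of the original page or of simpleSAMLphp: the script inspects an assertion captured from a test login at your own IdP and reports attributes that were released without the urn prefix, urn names outside the map above, and a missing schacHomeOrganization. The function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SCHAC_HOME = "urn:mace:terena.org:attribute-def:schacHomeOrganization"
# Names the core:AttributeMap filter in the configuration above can produce.
MAPPED = {"urn:mace:dir:attribute-def:" + n for n in (
    "uid", "sn", "givenName", "cn", "displayName", "mail",
    "eduPersonPrincipalName", "eduPersonEntitlement", "eduPersonAffiliation",
)} | {SCHAC_HOME}


def check_assertion(xml_text):
    """Return findings for every saml:Attribute in an assertion from your own IdP."""
    released = {}
    for attr in ET.fromstring(xml_text).iter("{%s}Attribute" % NS):
        values = [v.text or "" for v in attr.iter("{%s}AttributeValue" % NS)]
        released[attr.get("Name", "")] = values
    findings = []
    for name in sorted(released):
        if not name.startswith("urn:"):
            # core:AttributeMap only renames listed names; others pass through as-is.
            findings.append("released without urn prefix: " + name)
        elif name not in MAPPED:
            findings.append("urn name not in the configured map: " + name)
    if not any(v.strip() for v in released.get(SCHAC_HOME, [])):
        findings.append("schacHomeOrganization missing or empty")
    return findings


def build_sample(attrs):
    """Constructed test input: a minimal assertion holding the given attributes."""
    body = "".join(
        "<saml:Attribute Name=%s><saml:AttributeValue>%s</saml:AttributeValue>"
        "</saml:Attribute>" % (quoteattr(name), escape(value))
        for name, value in attrs.items()
    )
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>%s'
            "</saml:AttributeStatement></saml:Assertion>" % (NS, body))


if __name__ == "__main__":
    # Constructed case: LDAP's telephoneNumber is not in the map and the
    # core:AttributeAdd step for schacHomeOrganization was left out.
    bad = build_sample({"urn:mace:dir:attribute-def:uid": "jdoe",
                        "telephoneNumber": "0000"})
    for finding in check_assertion(bad):
        print(finding)
```

An unmapped LDAP attribute showing up here means it is being released to the service provider under its local name, which is worth reviewing before the connection goes live.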