On this page we provide a list of the technical requirement that a service provider's SAML implementation must meet in order to connect to the SURFsecureID gateway.
To initiate a authentication the SP must send a SAML 2.0 AuthnRequest to the SingleSignOnService Location of the SURFsecureID gateway. This location can be found in the SAML 2.0 metadata for SURFsecureID Metadata for Service Providers.
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
binding. Other bindings are not supported.http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
. Other signature algorithms are not supported