Environment | Endpoint | SAML 2.0 Metadata URL |
---|---|---|
Production | Normal | https://sa-gw.surfconext.nl/authentication/metadata |
Production | SFO | https://sa-gw.surfconext.nl/second-factor-only/metadata |
Pilot | Normal | https://gateway.pilot.stepup.surfconext.nl/authentication/metadata |
Pilot | SFO | https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata |
See below for more information on the metadata endpoints above.
Most SPs will first want to test their connection and will therefore connect to our Pilot environment first, which has different metadata than the production environment.
The SAML 2.0 metadata for the SURFconext Strong Authentication gateway production environment can be found at:
https://sa-gw.surfconext.nl/authentication/metadata
See "Using Levels of Assurance to express strength of authentication" for the AuthnContextClassRef identifiers used by the different environments. Note that these identifiers are different for each environment.
The Onegini IdP may be used for testing by SPs without a regular institution's account. Refer to "Using Onegini as IdP for testing SPs".
Most SAML 2.0 libraries will be able to use the metadata published at https://sa-gw.surfconext.nl/authentication/metadata to set up the connection to the gateway. If not, you can use the information below:
EntityID | https://sa-gw.surfconext.nl/authentication/metadata |
signing certificate | -----BEGIN CERTIFICATE----- |
SingleSignOnService Location | https://sa-gw.surfconext.nl/authentication/single-sign-on |
SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
SPs using the Second Factor Only (SFO) Authentication endpoint must use the metadata for that endpoint. The SAML 2.0 metadata for the SFO endpoint can be found at:
https://sa-gw.surfconext.nl/second-factor-only/metadata
See "Using Levels of Assurance to express strength of authentication" for the AuthnContextClassRef identifiers used by the different environments. Note that these identifiers are different for each environment and each endpoint.
Most SAML 2.0 libraries will be able to use the metadata published at https://sa-gw.surfconext.nl/second-factor-only/metadata to set up the connection to the gateway. If not, you can use the information below:
EntityID | https://sa-gw.surfconext.nl/second-factor-only/metadata |
signing certificate | -----BEGIN CERTIFICATE----- |
SingleSignOnService Location | https://sa-gw.surfconext.nl/second-factor-only/single-sign-on |
SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
The SAML 2.0 metadata for the SURFconext Strong Authentication gateway pilot environment can be found at:
https://gateway.pilot.stepup.surfconext.nl/authentication/metadata
See "Using Levels of Assurance to express strength of authentication" for the AuthnContextClassRef identifiers used by the different environments. Note that these identifiers are different for each environment.
Most SAML 2.0 libraries will be able to use the metadata published at https://gateway.pilot.stepup.surfconext.nl/authentication/metadata to set up the connection to the gateway. If not, you can use the information below:
EntityID | https://gateway.pilot.stepup.surfconext.nl/authentication/metadata |
signing certificate | -----BEGIN CERTIFICATE----- |
SingleSignOnService Location | https://gateway.pilot.stepup.surfconext.nl/authentication/single-sign-on |
SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
SPs using the Second Factor Only (SFO) Authentication endpoint must use the metadata for that endpoint. The SAML 2.0 metadata for the SFO endpoint can be found at:
https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata
See "Using Levels of Assurance to express strength of authentication" for the AuthnContextClassRef identifiers used by the different environments. Note that these identifiers are different for each environment and each endpoint.
Most SAML 2.0 libraries will be able to use the metadata published at https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata to set up the connection to the gateway. If not, you can use the information below:
EntityID | https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata |
signing certificate | -----BEGIN CERTIFICATE----- |
SingleSignOnService Location | https://gateway.pilot.stepup.surfconext.nl/second-factor-only/single-sign-on |
SingleSignOnService Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
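
The following Python is an added example, not SURFconext code. It parses a metadata document and checks the EntityID, the HTTP-Redirect SingleSignOnService Location and the presence of a signing certificate against the values documented above for one environment and endpoint, so that a pilot/production or normal/SFO mix-up is caught at configuration time. The function names, the sample document and its placeholder certificate are constructed for illustration; the code assumes a single EntityDescriptor document and does not verify the XML signature on the metadata.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HOSTS = {"production": "https://sa-gw.surfconext.nl",
         "pilot": "https://gateway.pilot.stepup.surfconext.nl"}
PATHS = {"normal": "/authentication", "sfo": "/second-factor-only"}  # from this page's tables

def parse_idp_metadata(xml_text):
    """Return entityID, SSO (binding, location) pairs and signing-cert SHA-256s."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs: blocks entity-expansion tricks
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a single IdP EntityDescriptor")
    sso = [(e.get("Binding"), e.get("Location"))
           for e in idp.findall("md:SingleSignOnService", NS)]
    # A KeyDescriptor without 'use' serves both signing and encryption.
    certs = [hashlib.sha256(base64.b64decode(c.text)).hexdigest()
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "sso": sso, "cert_sha256": certs}

def check_endpoint(meta, environment, endpoint):
    """List mismatches against the values documented for this endpoint."""
    base = HOSTS[environment] + PATHS[endpoint]
    problems = []
    if meta["entity_id"] != base + "/metadata":
        problems.append("unexpected entityID: %s" % meta["entity_id"])
    if (REDIRECT, base + "/single-sign-on") not in meta["sso"]:
        problems.append("no HTTP-Redirect SSO at %s/single-sign-on" % base)
    if not meta["cert_sha256"]:
        problems.append("no signing certificate")
    return problems

# Constructed sample: pilot SFO metadata with a placeholder, not a real certificate.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://gateway.pilot.stepup.surfconext.nl/second-factor-only/single-sign-on"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

When pinning the gateway's certificate, compare the returned `cert_sha256` values against a fingerprint obtained through a separate trusted channel.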
Developers who want to test how their SP works in combination with the SURFconext Strong Authentication Gateway pilot environment must follow this procedure:
NB: This procedure will only work on our pilot environment. For the production environment a stricter policy is applied. Please refer to "Using Onegini as IdP for testing SPs".