Please note: if you are administering a Service Provider, we recommend to use only 2 metadata sources:
- The aggregated SPF Identity Providers (= all IdPs for all participating countries)
- The CLARIN Identity Provider
Alternatively, if you also want to include all eduGAIN IdPs, please use the following 2 sources:
- The aggregated SPF and eduGAIN Identity Providers (= all IdPs in the world)
- The CLARIN Identity Provider
If you do so, you can safely ignore all of the information below.
| Identity Federation | Official URL to metadata about (s) | Website with details | ||
|---|---|---|---|---|
|
SURFconext The Netherlands |
(See SURFconext particulars below this table.) | ‘Get Conexted’ | ||
|
DFN- Germany |
https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml |
https://www.aai.dfn.de/teilnahme/metadaten/ | ||
|
Haka Finland |
||||
|
Kalmar Union Nordic countries |
https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml2 |
|||
|
Belnet Belgium |
||||
|
eduID.cz Czech Republic |
||||
|
RCTSaai Portugal |
https://rctsaai-rr.fccn.pt/rr/signedmetadata/federation/UkNUU2FhaQ~~/metadata.xml |
|||
|
CLARIN 's own IdP |
https://infra.clarin.eu/aai/prod_md_about_clarin_erics_idp.xml |
SURFconext particulars
The following is relevant to Dutch IdPs only (SURFconext).
- To verify whether an SPF production
is registered with SURFconext, access a URL of the form:
- https://engine.surfconext.nl/authentication/proxy/idps-metadata?sp-entity-id=https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp
Note that the sp-entity-id parameter's value (in bold) has be set to the entity ID of your SPF production SP!
- https://engine.surfconext.nl/authentication/proxy/idps-metadata?sp-entity-id=https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp
- Because SURFconext is a hub-and-spoke federation only a subset of all Dutch Identity Providers has access to the SPF production SPs.
- To view this subset, one can simply look over the Dutch IdPs in the CLARIN Discovery Service.
- Alternatively, users that have an IdP within SURFconext can check these access rules here (requires login).
- We have observed that SURFconext is releasing SAML2 attributes in both the urn:mace and the urn:oid namespaces. If you are mapping these attributes into the same server variable, you have to pay special attention to processing the multi value-server variable.