Architecture
In the test architecture, we deploy 2 node groups, one at SURF VM infrastructure and one in GRnet infrastructure. All components in a node have public DNS records, under control of service-specific DNS configuration (see later).
Each node group consists of at least 4 functional components, which are deployed as docker containers to simplify roll-out:
- the Signer node, which is responsible for signing entity metadata
A Signer delivers signed entity metadata upon request from the Delivery node. The Signer will hold an in-memory cache of signed entities. The Signer obeys SAML metadata rules to decide if re-signing is needed.
If so configured, a Signer may use a Signing Backend system to handle the actual signing of metadata.
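One way the cache's re-signing decision could work, as an added example that is not the project's code: it assumes the rule is the `validUntil` attribute on the cached EntityDescriptor plus a change check on the unsigned input. `SignedEntityCache`, `placeholder_sign`, the sample entityID and the one-hour margin are hypothetical, and the placeholder only stamps `validUntil` where the real Signer or its Signing Backend would apply an XML signature.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Constructed sample input; the entityID is a placeholder.
SAMPLE = ('<md:EntityDescriptor xmlns:md="%s" '
          'entityID="https://idp.example.org/idp"/>' % MD_NS)

def valid_until(xml_text):
    """validUntil of the root EntityDescriptor as a UTC datetime, or None."""
    # Real deployments should parse untrusted metadata with a hardened XML parser.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("not a SAML EntityDescriptor")
    raw = root.get("validUntil")
    if raw is None:
        return None
    return datetime.fromisoformat(raw.replace("Z", "+00:00")).astimezone(timezone.utc)

def placeholder_sign(unsigned_xml, now, lifetime=timedelta(days=2)):
    """Hypothetical stand-in for the Signer: stamps validUntil, adds NO signature."""
    root = ET.fromstring(unsigned_xml)
    stamp = (now + lifetime).astimezone(timezone.utc)
    root.set("validUntil", stamp.strftime("%Y-%m-%dT%H:%M:%SZ"))
    return ET.tostring(root, encoding="unicode")

class SignedEntityCache:
    """In-memory cache: entityID -> (digest of unsigned input, signed XML)."""
    def __init__(self, sign, margin=timedelta(hours=1)):
        self.sign, self.margin, self.entries = sign, margin, {}

    def needs_resigning(self, entity_id, unsigned_xml, now):
        entry = self.entries.get(entity_id)
        if entry is None:
            return True                      # never signed
        digest, signed = entry
        if digest != hashlib.sha256(unsigned_xml.encode()).hexdigest():
            return True                      # source metadata changed
        expiry = valid_until(signed)
        return expiry is None or expiry - now <= self.margin  # expired or about to

    def get(self, entity_id, unsigned_xml, now):
        if self.needs_resigning(entity_id, unsigned_xml, now):
            digest = hashlib.sha256(unsigned_xml.encode()).hexdigest()
            self.entries[entity_id] = (digest, self.sign(unsigned_xml, now))
        return self.entries[entity_id][1]
```

Re-signing inside the margin, rather than at expiry, keeps the Delivery node from ever being handed metadata that lapses before a consumer can validate it.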
A node will only have 1 Signer node
- the Delivery node