...
The Service Provider is a production SAML deployment that supports SAML V2.0 HTTP-POST binding.
Please note that a list of all connected services will be made publicly available. This means that your service cannot be "hidden".
As a result, services are required to have a valid TLS configuration (including their SAML endpoints) using certificates from a trusted CA:
- For production services that are operated by GEANT this must be a TCS certificate (DigiCert at the moment).
- For non-production services and services operated by third parties, this can be any trusted CA, including Let's Encrypt.
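A pre-submission check for the requirements above, as an added example (not GÉANT's own tooling): it parses SP metadata and reports a missing HTTP-POST assertion consumer endpoint or any endpoint URL that is not https. The entity ID and URLs in the sample are constructed placeholders.

```python
# Added example: pre-submission check of your own SP metadata.
# ElementTree is not hardened against malicious XML; do not feed it untrusted files.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; entityID and endpoint URLs are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sp.example.org/saml/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor (not a Service Provider)"]
    # The proxy expects an assertion consumer endpoint using HTTP-POST.
    acs = sp.findall(f"{{{MD}}}AssertionConsumerService")
    if not any(e.get("Binding") == POST for e in acs):
        problems.append("no AssertionConsumerService with HTTP-POST binding")
    # Every SAML endpoint (ACS, SLO, ...) must be served over TLS (scheme check only).
    for e in sp.iter():
        name = e.tag.rsplit("}", 1)[-1]
        for attr in ("Location", "ResponseLocation"):
            url = e.get(attr)
            if url is not None and urlsplit(url).scheme != "https":
                problems.append(f"{name} {attr} is not an https URL: {url}")
    return problems


if __name__ == "__main__":
    for p in check_sp_metadata(SAMPLE):
        print("FAIL:", p)
```

The check looks only at the metadata; whether each endpoint actually presents a certificate from a trusted CA still has to be verified against the live host.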
Required information
Please send the following information to aai-is@lists.geant.org:
...
Information | Description | Example | stored in/mapped to (internally) |
---|---|---|---|
Technical contact | Can be a list | support@it.geant.org | contacts['technical'] |
Support contact | "Generic" support questions for the actual service. Usually the application administrators or the teams that run it. Can be a list. | support@it.geant.org | contacts['support'] |
Service name | Very short name to be shown in user interfaces. | GÉANT Wiki | name |
Service description | Longer descriptive text, for instance with details like: Can contain URLs | Atlassian Confluence wiki, production instance. | description |
Service URL | The actual URL to the main service | https://wiki.geant.org | url |
Metadata | Valid SAML2.0 metadata | a URL to the XML metadata (preferred), or an XML metadata file. |
...
. |
Supplied information
The SAML proxy will always provide the following attributes to its downstream services:
...