This page contains the SAML 2.0 metadata of the SURFconext identity federation.
- SURFconext IdP proxy metadata
(for use by Service Providers)
- SURFconext SP proxy metadata
(for use by Identity Providers)
- SURFconext IdPs metadata
(for use by Service Providers that build their own WAYF)
- Upstream eduGAIN metadata
(For use by the eduGAIN aggregator)
- Downstream eduGAIN metadata
(For use by Service Providers that allow login by eduGAIN IdPs)
Our downstream metadata is a copy of the eduGAIN metadata, republished by SURFnet.
Metadata signing certificate
All above metadata from SURFconext is signed with a key that corresponds to the public key embedded in the following certificate. Use this certificate to verify that the metadata you use from SURFconext is valid.
Fingerprints of this certificate:
SHA-1 Fingerprint: 73:64:05:95:BA:DA:C5:D2:F9:B5:87:DE:4A:1C:2B:E0:52:F5:D1:47
SHA-256 Fingerprint: 4B:05:FF:75:00:6A:36:47:79:EA:7E:45:26:B2:6A:64:B4:0E:57:F1:00:D9:6A:5A:21:D8:02:07:F3:43:4D:0E
Assertion signing certificate
The assertion signing certificate for SURFconext is part of above metadata feeds. For convenience, when working with systems where it needs to be configured separately, you can use the following file.
Support and contact
Please refer to the SURFconext documentation for IdPs and SPs for more information on how to use this metadata and where to get support.