This page contains the SAML 2.0 metadata of the SURFconext identity federation.

Metadata

SURFconext metadata

• SURFconext IdP proxy metadata
  (for use by Service Providers)
• SURFconext SP proxy metadata
  (for use by Identity Providers)

• SURFconext IdPs metadata
  (for use by Service Providers that build their own WAYF)

Assertion signing certificate

The assertion signing certificate for SURFconext is part of above metadata feeds. For convenience, when working with systems where it needs to be configured separately, you can use the following file.

• engine.surfconext.nl 20230503 certificate

SURFsecureID metadata

This metadata is only necessary for those parties that directly interface with the SURFsecureID gateway.

• SURFsecureID Second Factor Only IdP metadata
  (for users of the Second Factor Only endpoint)
• SURFsecureID gateway IdP metadata
  (deprecated - for use by Service Providers)

The assertion signing certificate contained in the metadata above is sa-gw.surfconext.nl 20200409.

eduGAIN metadata

• Downstream eduGAIN metadata (IdPs only)
  (For use by Service Providers that allow login by eduGAIN IdPs)
• Upstream eduGAIN metadata
  (For use by the eduGAIN aggregator)
• Complete downstream eduGAIN metadata
  (Not generally useful)

Security

When retrieving metadata from this site, you must ensure to check the HTTPS certificate validity. We also recommend to use DNSSEC validating resolvers.

If you additionally require XML signed metadata that is signed with a separate metadata signing certificate, please see signed SURFconext metadata.

Support and contact

Please refer to the SURFconext documentation for IdPs and SPs for more information on how to use this metadata and where to get support.