This page contains the XML signed SAML 2.0 metadata of the SURFconext identity federation.

Only use this metadata if you require verification of the XML signature contained within the metadata. Please see the regular issued metadata if you only need to download it once or will rely on HTTPS as the mechanism to verify the integrity and authenticity.

Metadata

SURFconext metadata

• SURFconext IdP proxy metadata
  (for use by Service Providers)
• SURFconext SP proxy metadata
  (for use by Identity Providers)

• SURFconext IdPs metadata
  (for use by Service Providers that build their own WAYF)

SURFsecureID metadata

This metadata is only necessary for those parties that directly interface with the SURFsecureID gateway.

• SURFsecureID Second Factor Only IdP metadata
  (for users of the Second Factor Only endpoint)
• SURFsecureID gateway IdP metadata
  (deprecated - for use by Service Providers)

eduGAIN metadata

• Downstream eduGAIN metadata (IdPs only)
  (For use by Service Providers that allow login by eduGAIN IdPs)
• Upstream eduGAIN metadata
  (For use by the eduGAIN aggregator)
• Complete downstream eduGAIN metadata
  (Not generally useful)

Metadata signing CA

Use this CA to verify that the metadata you use from SURFconext is valid. The actual certificate that signes the metadata is issued by this CA and may change in the future. The current certificate in use is contained in the XML metadata itself.

• SURFconext metadata signing CA certificate
  (Use this to verify that the certificate that signs the SURFconext metadata is valid)

Fingerprints of the CA certificate:

SHA-1 Fingerprint: 1F:1D:60:A1:C5:D2:B8:F0:2C:34:F2:73:64:FB:61:EB:27:A1:98:44
SHA-256 Fingerprint: A3:90:C5:C8:4F:65:95:B0:4E:C4:76:0D:E3:95:09:40:F6:D3:03:5B:65:18:DF:76:1F:55:A6:6E:88:18:4C:7D

Support and contact

Please refer to the SURFconext documentation for IdPs and SPs for more information on how to use this metadata and where to get support.