Published at October 28th, 2025 Last updated 7 days ago

SURFconext ID mgmt. service in Pure [NL] - setup guide

SURFconext, provided by SURF, is a federated identity management service for secondary vocational education, higher education and research in the Netherlands.

When setting up a connection between Pure and SURFconext, the following actions are required:

  1. Configurations in Pure
  2. Create an entity in the SP dashboard 

1. Configurations in Pure

The configurations are done in Pure under Administrator > Security > Admin > SAML2

Below is an example of the filled out settings page. Follow this guide on how to fill out the page. 

 

Description of mandatory fields in the configuration 

Unique identifier for the Service Provider/SP: 

This value is also known as the EntityID. In this field, you can fill in the URL for the Pure instance you are setting up the configurations for: e.g. https://research.pure.dk/admin or use another value such as pure-uni-prod.

 

SAML attribute used to extract the username: 

The value of this field is dependent on which attribute you use as username for authentication: e.g. unique ID or e-mail address.

Some of the most common ones are:

  • Unique ID: urn:mace:dir:attribute-def:uid
  • e-mail address: urn:mace:dir:attribute-def:mail
  • Principal name: urn:mace:dir:attribute-def:eduPersonPrincipalName 
  • employee/student number: urn:schac:attribute-def:schacPersonalUniqueCode 

Find the complete overview of all attributes here: https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext 
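
An added example (not part of the original guide and not Pure's own code): a Python check that lists the attributes in a test assertion and confirms the attribute chosen as username arrives with exactly one value. The sample assertion and its values are constructed, the function names are hypothetical, and the check does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: AttributeStatement of a test assertion (values are made up).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:mace:dir:attribute-def:uid">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:mace:dir:attribute-def:mail">
      <saml:AttributeValue>j.doe@example.org</saml:AttributeValue>
      <saml:AttributeValue>jane@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def released_attributes(assertion_xml):
    """Map each attribute Name in the assertion to its list of non-empty values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def username_from(assertion_xml, username_attribute):
    """Return the single value of the configured username attribute.

    This example treats an absent or multi-valued attribute as a
    misconfiguration and raises ValueError instead of guessing a username.
    """
    values = released_attributes(assertion_xml).get(username_attribute, [])
    if len(values) != 1:
        raise ValueError(
            f"{username_attribute}: expected exactly 1 value, got {len(values)}")
    return values[0]


if __name__ == "__main__":
    for name, values in released_attributes(SAMPLE_ASSERTION).items():
        print(name, values)
    print(username_from(SAMPLE_ASSERTION, "urn:mace:dir:attribute-def:uid"))
```
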

 

Identity Provider/IdP's Metadata URL:

Needs to be set to https://metadata.surfconext.nl/idp-metadata.xml 

Certificate for the Service Provider/SP's signing credential / Private key for the Service Provider/SP's signing credential

The certificate and the private key are both generated as a self-signed pair. You can create them directly from the configuration using the Generate Certificate/Key Pair button.

 

When you have finished your configurations, you can use 'Check Certificates' at the top of the configuration screen.

 

2. Create an entity in the Service Provider Dashboard

First, you need to contact SURFconext at support@surfconext.nl and ask for access to the Service Provider dashboard. When you have access to the Service Provider dashboard, you need to create a new entity. 

SURFconext has created a step-by-step guide on how to create an entity; please follow the steps below:

  1. Login to SP Dashboard
  2. Configure and test your SAML entity/ Configure and test your OIDC entity
  3. Answer the Privacy questions regarding GDPR (AVG)
  4. Promote entity to production

When the entity is created, SURFconext will validate the connection. After that, go back to Pure under Administrator > Security > Admin > SAML2 and check the box for Activate.