New Admins: Register for our new Pure Lecture Series!
Pure's logos
Pure Help Center for Pure Administrators

If you are a researcher, or other non-admin at your institution, click here.

  • Home
  • Announcements
  • Release Notes
  • Technical user guides
  • Training
  • Events
  • Support
  • Contact Us
  • Home
  • Training
  • Technical user guides
  • External authentication mechanisms

How Can We Help?

Search Results

Filter By Category

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Contact us

SURFconext ID mgmt. service in Pure [NL] - setup guideSURFconext ID mgmt. service in Pure [NL] - setup guide

SURFconext, provided by SURF, is a federated identity management service for secondary vocational-, higher education and research in the Netherlands

When setting up a connection between Pure and SURFconext, the following actions are required:

  1. Configurations in Pure
  2. Create an entity in the SP dashboard 

1. Configurations in Pure

The configurations are done in Pure under Administrator > Security > Admin > SAML2. 

Below is an example of the filled out settings page. Follow this guide on how to fill out the page. 

 

Description of mandatory fields in the configuration 

Unique identifier for the Service Provider/SP: 

This value is also known as the EntityID. In this field, you can fill in the URL for the Pure instance you are setting up the configurations for: e.g. https://research.pure.dk/admin or use another value such as pure-uni-prod.

 

SAML attribute used to extract the username: 

The value of this field is dependent on which attribute you use as username for authentication: e.g. unique ID or e-mail address.

Some of the most common once are:

  • Unique ID: urn:mace:dir:attribute-def:uid
  • e-mail address: urn:mace:dir:attribute-def:mail
  • Principal name: urn:mace:dir:attribute-def:eduPersonPrincipalName 
  • employee/student number: urn:schac:attribute-def:schacPersonalUniqueCode 

Find the complete overview of all attributes here: https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext 

 

Identify Provider/IdP's Metadata URL. 

Needs to be set to https://metadata.surfconext.nl/idp-metadata.xml 

Certificate for the Service Provider/SP's signing credential / Private key for the Service Provider/SP's signing credential

The Certificate and the Private key are both created as self-signed certification. You can create those directly from the configuration using the Generate Certificate/Key Pair button.

 

When you have done your configurations, you can 'Check Certificates' in the top of the configuration screen.

 

2. Create an entity in the Service Provider Dashboard

First, you need to contact SURFconext at support@surfconext.nl and ask for access to the Service Provider dashboard. When you have access to the Service Provider dashboard, you need to create a new entity. 

SURFconext has created a step-by-step guide on how to create an entity, please follow the guide below: 

  1. Login to SP Dashboard
  2. Configure and test your SAML entity/ Configure and test your OIDC entity
  3. Answer the Privacy questions regarding GDPR (AVG)
  4. Promote entity to production

When the entity is created, SURFconext will validate the connection, whereafter you go back to Pure: Administrator > Security > Admin > SAML2, and check the box for Activate. 

 

Published at January 24, 2025

Download
Table of Contents
  1. 1. Configurations in Pure
  2. Description of mandatory fields in the configuration
  3. Unique identifier for the Service Provider/SP:
  4. SAML attribute used to extract the username:
  5. Identify Provider/IdP's Metadata URL.
  6. Certificate for the Service Provider/SP's signing credential / Private key for the Service Provider/SP's signing credential
  7. 2. Create an entity in the Service Provider Dashboard
Related Articles
  • External authentication mechanisms
  • SAML2 (WAYF, Shibboleth, ADFS)
  • Request header based authentication (Pre 5.30.0)
  • Request remote user based authentication (Pre 5.30.0)
  • Static user authentication (Pre 5.30.0)
Keywords
  • setup guide
  • surfconext
  • surfconext.nl

Was this article helpful?

Yes
No
Give feedback about this article

    About Pure

  • Announcements

    Additional Support

  • Events
  • Client Community
  • Training

    Need Help?

  • Contact Us
  • Submit a Support Case
  • My Cases
  • Linkedin
  • Twitter
  • Facebook
  • Youtube
Elsevier logo Relx logo

Copyright © 2025 Elsevier, except certain content provided by third parties.

  • Terms & Conditions Terms & Conditions
  • Privacy policyPrivacy policy
  • AccesibilityAccesibility
  • Cookie SettingsCookie Settings
  • Log in to Pure Help CenterLog in to Helpjuice Center

Knowledge Base Software powered by Helpjuice

Expand