Where Do I Find the SAML Metadata of the Identity Federations?

FAQ Service Provider Federation
1

Please note: if you are administering a Service Provider, we recommend to use only 2 metadata sources:

Alternatively, if you also want to include all eduGAIN IdPs, please use the following 2 sources:

If you do so, you can safely ignore all of the information below.

Identity Federation Official URL to SAML metadata about IdP(s) Website with details
SURFconext (The Netherlands) (See SURFconext particulars below this table.) https://wiki.surfnet.nl/display/surfconextdev/Get+Conexted
DFN-AAI (Germany) https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml https://www.aai.dfn.de/teilnahme/metadaten/
Haka (Finland) https://haka.funet.fi/metadata/haka-metadata.xml https://confluence.csc.fi/x/9IIUAg
Kalmar Union (Nordic Countries) https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml2 https://www.kalmar2.org/kalmar2web/tech_info.html
Belnet (Belgium) https://federation.belnet.be/federation-metadata.xml http://federation.belnet.be/
eduID.cz (Czech Republic) https://metadata.eduid.cz/entities/eduid+idp Technical overview [eduID.cz]
RCTSaai (Portugal) https://rctsaai-rr.fccn.pt/rr/signedmetadata/federation/UkNUU2FhaQ~~/metadata.xml https://confluence.fccn.pt/display/RCTSAAI/RCTSaai
CLARIN ERIC’s own IdP https://infra.clarin.eu/aai/prod_md_about_clarin_erics_idp.xml CLARIN Identity Provider | CLARIN ERIC

SURFconext Particulars

The following is relevant to Dutch IdPs only (SURFconext).

  • To verify whether an SPF production SP is registered with SURFconext, access a URL of the form:
  • https://engine.surfconext.nl/authentication/proxy/idps-metadata?sp-entity-id=https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp
    Note that the sp-entity-id parameter’s value (in bold) has be set to the entity ID of your SPF production SP!
  • Because SURFconext is a hub-and-spoke federation only a subset of all Dutch Identity Providers has access to the SPF production SPs.
  • To view this subset, one can simply look over the Dutch IdPs in the CLARIN Discovery Service.
  • Alternatively, users that have an IdP within SURFconext can check these access rules here (requires login).
  • We have observed that SURFconext is releasing SAML2 attributes in both the urn:mace and the urn:oid namespaces. If you are mapping these attributes into the same server variable, you have to pay special attention to processing the multi value-server variable.