Configure SURFconext as SAML IDP for SSO


miniOrange Identity Broker service solution enables cross protocol authentication. You can configure SURFconext as an IDP for Single Sign-On (SSO) into your applications/websites. Here, SURFconext will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with SURFconext, making it easier and quicker to implement. Our team can also help you set up SURFconext as SAML IDP to log in to your applications.

Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to configure SSO for different apps using SURFconext as IDP in your environment, with a 30-day free trial.

To book a slot, just send us an email at idpsupport@xecurify.com and we'll help you in no time.



Prerequisite:

  • To get started, you need an active SURFconext account with administrator rights for your organization.
  • Get the miniOrange SP metadata that you will need in the first step. To do this, go to the miniOrange Admin Console >> Identity Providers >> Add Identity Provider. Under Choose Identity Provider, select SAML from the dropdown and go to SAML Provider. Then click on the Click here link.
  • Click on Show metadata Details under For SP - Initiated SSO.
  • Click on Download Metadata, which you will need in the SURFconext console in Step 1.


Steps to setup SURFconext as SAML IDP

1. Configure miniOrange as SP in SURFconext

  • Log in to your SURFconext SP dashboard.
  • You will be presented with the WAYF (Where Are You From) screen. Select the Identity Provider that refers to the service you want to add, e.g. eduID.
  • In the SP Dashboard window, click on add entity for test environment for the Test Environment, or add entity for production environment for the Production Environment.
  • In CREATE REGISTRATION FORM, select the following options and click on Create:
      Protocol: SAML 2.0
      From existing entity: No, create blank registration form
  • In the Service Provider registration form, upload the metadata file which you got from the Prerequisites.
  • Select the Name-ID format as required.
  • Enter the Logo URL, Name and Description.
  • Enter the required data in the Administrative contact and Technical contact sections.
  • Once you have entered all the required data, click on Publish.
  • After the Test Environment / Production Environment is published, you will be presented with a list of Identity Providers.
  • Select the SURFconext test IdP / SURFconext Mujina IDP link to get the IdP metadata.
  • Copy the Test Environment / Production Environment link to fetch the IdP metadata for further configuration.

  • Keep this metadata handy as we will need it while configuring SURFconext as IDP in miniOrange.

2. Configure SURFconext as Identity Provider (IDP) in miniOrange

  • Go to the miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then click on the Add Identity Provider button.
  • In Choose Identity Provider, select SAML from the dropdown.
  • Search for SAML Provider.
  • Click on Import IDP metadata.
  • Enter the IDP name as SURFconext. For IDP metadata, select File as the format to upload the XML metadata file that you downloaded from SURFconext in Step 1.
  • Then click on the Import button.

  • Your IDP metadata details will be auto-filled.
  • Click on Save.

3. Test Connection

  • Visit your Login Page URL.
  • Go to the Identity Providers tab.
  • Search for your app, click the three dots in the Actions menu, and select Test Connection against the Identity Provider (IDP) you configured.
  • On entering valid SURFconext credentials (credentials of a user assigned to the app created in SURFconext), you will see a pop-up window with the test result.
  • Your configuration of SURFconext as IDP in miniOrange is now complete.

Note:

You can follow this guide if you want to configure SAML/WS-FED, OAuth/OIDC, JWT, Radius, etc.



Configure Attribute Mapping

  • Go to Identity Providers.
  • Click the three dots in the Actions menu, and select Attribute Mapping against the Identity Provider (IDP) you configured.

USER mappings map information, such as email and username, during Just-In-Time (JIT) user creation. The Email and Username attributes are necessary to create the user profile.

  • Click on the + Add Attribute button to add the attribute fields.
  • Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
  • Enter the names of the attributes coming from the IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

  • Click on the + Add Attribute button to add the attribute fields.
  • Check the attributes in the Test Connection window from the previous step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
  • Enter the names of the attributes coming from the IdP into the Attribute Name from IdP field on the Xecurify side.

Configure Multiple IDPs:

You can follow this guide if you want to configure multiple IDPs (Identity Providers) and give users the option to select the IDP of their choice to authenticate with.

