SAML Identity Provider as a Service

Easy. Secured. Trusted. Inexpensive.


Docs

SAML stuff

Supported attributes

The following SAML attributes are supported for all samlidp.io Identity Providers:

  • sn (urn:oid:2.5.4.4)

    Contains the user's surname.

  • givenName (urn:oid:2.5.4.42)

    Contains the user's given name.

  • displayName (urn:oid:2.16.840.1.113730.3.1.241)

    Name of the person in a form the user (or his or her organization) probably wants to be shown.

  • mail (urn:oid:0.9.2342.19200300.100.1.3)

    Preferred address for the "to:" field of email to be sent to this person. The address in this attribute cannot be assumed to represent an organizationally-assigned contact address for a user established as part of a strong identity-proofing process.

  • eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)

    A single value of the form user@scope, where scope is a DNS-like subdomain representing the security domain of the user ("foobar.samlidp.io" or the organization's own domain, added to the Identity Provider on the admin page) and user is an arbitrary persistent key which unambiguously maps to a person within an organization.

  • eduPersonTargetedID (urn:oid:1.3.6.1.4.1.5923.1.1.1.10)

    A single string value of no more than 256 characters that uniquely identifies a user in an opaque, privacy-preserving fashion. The value will be different for a given user for each service provider to which a value is sent, to prevent correlation of activity between service providers.

  • eduPersonScopedAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.9)

    Multiple values of the form value@scope, where scope is a DNS-like subdomain representing the organization or sub-organization of the affiliation ("foobar.samlidp.io" or the organization's own domain, added to the Identity Provider on the admin page) and value is one of:

    • member
    • student
    • employee
    • faculty
    • staff
    • alum
    • affiliate
    • library-walk-in

    Affiliation is a high-level expression of the relationship of the user to the university or organization specified in the scope. A user can possess many affiliations, though some values are mutually exclusive. This attribute is often made available to any service provider, and is a good way to filter or block users of a given general type. In particular, "member" is an indication that the user is somebody with relatively official standing with a university at the present time, and does not apply to guests, other temporary accounts, terminated employees, unpaid/unregistered students, and other exceptional cases.

  • schacHomeorganizationType (urn:oid:1.3.6.1.4.1.5923.1.1.1.9)

    The type of the organization, one of the following values:

    • school
    • university
    • other
    • business
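
An added example (not samlidp.io code) of checks a Service Provider can run on the scoped attributes listed above: the scope must be one registered for the IdP, affiliation values must come from the list, and eduPersonTargetedID must respect the 256-character limit. The function names, the allowed-scope set and the sample values are assumptions for illustration, and the assertion's signature is assumed to be verified already.

```python
# Added example: SP-side checks on attributes from an already verified assertion.
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
EPSA = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
AFFILIATIONS = {"member", "student", "employee", "faculty", "staff",
                "alum", "affiliate", "library-walk-in"}

def split_scoped(value, allowed_scopes):
    """Split 'left@scope' and require a scope registered for this IdP."""
    left, sep, scope = value.partition("@")
    if not sep or not left or "@" in scope:
        raise ValueError(f"malformed scoped value {value!r}")
    if scope.lower() not in allowed_scopes:
        raise ValueError(f"scope {scope!r} not allowed for this IdP")
    return left, scope.lower()

def validate(attrs, allowed_scopes):
    """attrs maps attribute OID -> list of values. Returns (accepted, errors)."""
    accepted, errors = {}, []
    for oid, values in attrs.items():
        try:
            if oid == EPPN:
                if len(values) != 1:
                    raise ValueError("eduPersonPrincipalName must be single-valued")
                user, scope = split_scoped(values[0], allowed_scopes)
                accepted["eppn"] = f"{user}@{scope}"
            elif oid == EPSA:
                affs = []
                for v in values:  # one bad value rejects the whole attribute
                    aff, scope = split_scoped(v, allowed_scopes)
                    if aff not in AFFILIATIONS:
                        raise ValueError(f"unknown affiliation {aff!r}")
                    affs.append(f"{aff}@{scope}")
                accepted["affiliations"] = affs
            elif oid == EPTID:
                if len(values) != 1 or not 0 < len(values[0]) <= 256:
                    raise ValueError("eduPersonTargetedID must be one string of 1..256 chars")
                accepted["targeted_id"] = values[0]
        except ValueError as exc:
            errors.append(str(exc))
    return accepted, errors

# Constructed sample: an IdP with scope foobar.samlidp.io asserting an
# affiliation under a scope (example.edu) that is not registered for it.
SAMPLE = {
    EPPN: ["jdoe@foobar.samlidp.io"],
    EPSA: ["member@foobar.samlidp.io", "staff@example.edu"],
    EPTID: ["k3v9-constructed-opaque-value"],
}
if __name__ == "__main__":
    print(validate(SAMPLE, {"foobar.samlidp.io"}))
```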

Test attribute release

Use attributes.samlidp.io to test which attributes are released about a user. This is a real Service Provider that knows all samlidp.io Identity Providers.

Entity Categories

Your Identity Provider supports the Research and Scholarship Entity Category.
When your users access a Service Provider that has the Research and Scholarship Entity Category, the following attributes are released if consent is also given:

  • eduPersonPrincipalName
  • displayName
  • mail
  • eduPersonScopedAffiliation

Scopes

Your Identity Provider has a default scope under the samlidp.io domain. This is perfectly fine, but for production use we recommend a domain name that belongs to your organization. Before we start using your domain name as a scope, we verify that it exists and that it is under your control. Please create a TXT record in your domain name's DNS zone containing the hash you can find on the IdP's edit page.

Custom Service Providers

You can add any Service Provider exclusively for your Identity Provider, without participating in any federation. This is a good option for testing purposes, or if a Service Provider is not part of the same federation as your Identity Provider.


User management

Registering users

You, as an administrator, can add users one by one, or upload the information about them in a CSV file. All fields are required, and after the user is created, the username cannot be modified.

Passwords

You cannot set a password for a user. When you register or activate a user, a token is sent directly to the user by email, which he or she can use to set their password. All passwords are strongly hashed and kept securely.

Setting user status

If a user is enabled, he or she can log in via the Identity Provider; if the user is disabled, login is not allowed. A user with disabled status can be enabled again at any time, but after one year the user is removed from the user list.

Deleting users

If you delete a user, all data except their username is deleted immediately and irrevocably. The username is added to an internal list of deleted user identifiers in order to prevent future reassignment.


Identity Federations

We know the following federations (approx. 8500 Service Providers). If you can't find the one you want to collaborate with, please do not hesitate to contact us.

Federation | Contact URL | Contact email
Algeria - ARNaai | https://www.aai.arn.dz/ | opaai@arn.dz
Armenia - AFIRE | http://afire.asnet.am | admin@afire.asnet.am
Australia - AAF | https://aaf.edu.au/ | support@aaf.edu.au
Austria - ACOnet Identity Federation (eduID.at) | http://eduid.at | eduid@aco.net
Belgium - Belnet Federation | http://federation.belnet.be/ | servicedesk@belnet.be
Brazil - CAFe Federation | https://www.rnp.br/en/services/cafe.html | operacao@cafe.rnp.br
Canada - CAF Federation | https://www.canarie.ca/identity/caf/ | caf@canarie.ca
Chile - COFRe Federation | https://cofre.reuna.cl/index.php/en/ | cofre@reuna.cl
China - CARSI Federation | http://www.carsi.edu.cn/ | carsi@pku.edu.cn
Colombia - RENATA Federation | http://colfire.co/ | tecnico@renata.edu.co
Croatia - AAI@eduHr Federation | http://www.aaiedu.hr/ | team@aaiedu.hr
Czech Republic - eduID.cz | https://www.eduid.cz/wiki/en/eduid/index | eduid-admin@eduid.cz
Denmark - WAYF Federation | http://www.wayf.dk/ | sekretariat@wayf.dk
Ecuador - MINGA | https://www.cedia.org.ec/minga | info@cedia.org.ec
Estonia - TAAT Federation | http://taat.edu.ee/ | eenet@eenet.ee
Finland - Haka | https://www.csc.fi/english/institutions/haka | haka@csc.fi
France - Fédération Éducation-Recherche | https://services.renater.fr/federation/index | support@renater.fr
Germany - DFN-AAI | https://www.aai.dfn.de/ | hotline@aai.dfn.de
GIF | |
Greece - GRNET Federation | https://aai.grnet.gr/ | sgwadmin@garr.it
Grid IDentity Pool Federation | https://gridp.garr.it/ | sgwadmin@garr.it
Hungary - eduID.hu Federation | https://eduid.hu | info@eduid.hu
InCommon Federation | |
India - INFLIBNET Access Management Federation | http://parichay.inflibnet.ac.in/ | ashok@inflibnet.ac.in
Ireland - Edugate Federation | https://edugate.heanet.ie/rr3/ | noc@heanet.ie
Israel - IUCC Identity Federation | https://iif.iucc.ac.il/ | support@iif.iucc.ac.il
Italy - IDEM federation | https://www.idem.garr.it/ | idem@garr.it
Japan - GakuNin Federation | https://www.gakunin.jp/en-Join/ | gakunin-office@nii.ac.jp
KAFE | |
Latvia - LAIFE Federation | https://laife.lanet.lv/ | laife-admin@lanet.lv
Lithuania - LITNET FEDI Federation | https://fedi.litnet.lt/ | info@litnet.lt
Luxembourg - eduID.lu Federation | http://www.eduid.lu/ | admin@restena.lu
Macedonia - AAIEduMk | https://aaiedu.mk/ |
MARWAN Federation | |
Moldova - LEAF | |
Netherlands - SURFconext Federation | https://www.surfconext.nl/ | support@surfconext.nl
New Zealand - Tuakiri Federation | https://tuakiri.ac.nz/ | support@tuakiri.ac.nz
Norway - FEIDE Federation | https://www.feide.no/ | support@feide.no
Poland - PIONIER Federation | https://aai.pionier.net.pl/en/ |
Portugal - RCTSaai Federation | https://rctsaai.fccn.pt/ | rctsaai@fccn.pt
RENU Identity Federation | |
Russia - FEDUrus Identity Federation | http://www.fedurus.ru/ | support@fedurus.ru
SAFIRE | |
Singapore Access Federation (SGAF) | |
Slovakia - safeID | https://www.safeid.sk/ | admin@safeid.sk
Slovenia - ArnesAAI Federation | http://arnes.splet.arnes.si/services/arnesaai/ | aaa-podpora@arnes.si
Spain - SIR Federation | https://www.rediris.es/sir/ | sir@rediris.es
Sweden - SWAMID Federation | http://www.swamid.se/ | operations@swamid.se
Switzerland - SWITCHaai Federation | https://www.switch.ch/aai/ | aai@switch.ch
UK Access Management Federation | |
Ukraine - PEANO Federation | http://www.peano.uran.ua/ | peano@uran.ua
Vi-SEEM Community | https://vi-seem.eu |

Contact Us

Open an issue on Github

Or the dinos can write us email as well: info [at] samlidp [dot] io

© 2017, Kitek Média Ltd.
Company Registration Number: 01-09-901519 (est. 2008)
Budapest, Laura u. 4. 1125 Hungary
info@samlidp.io
+36 (20) 351 3040