====== Implementing service provider ====== As mentioned in the other pages, ProxyIdP currently supports connecting services via two protocols. This page contains common practices and tips on how to implement authentication using one of these protocols. ===== SAML ===== * SAML metadata endpoint: https://login.cesnet.cz/proxy/saml2/idp/metadata.php * EINFRA AAI EntityID: https://login.cesnet.cz/idp/ * Available [[en:index:documentation:sp:proxy:Attributes and scopes]] ==== Recommended software: ==== * [[ https://wiki.shibboleth.net/confluence/display/SP3/Home | Shibboleth SP ]] (Java + WebServer) * [[ https://simplesamlphp.org/samlsp | SimpleSAMLphp ]] (php) * [[ https://spring.io/projects/spring-security-saml | Spring Security SAML ]] (Java) * [[ https://www.keycloak.org | Keycloak]] On the wiki page of Czech academic identity federation eduID.cz are available guides on how to implement the service provider via protocol [[https://www.eduid.cz/cs/tech/sp/shibboleth | Shibboleth SP v3]] and [[https://www.eduid.cz/cs/tech/sp/simplesamlphp | simpleSAMLphp]]. (Available only in the Czech language) ===== OIDC ===== * OpenID Connect metadata endpoint: https://login.cesnet.cz/oidc/.well-known/openid-configuration * Issuer: https://login.cesnet.cz/oidc/ * Authorization endpoint: https://login.cesnet.cz/oidc/authorize * Token endpoint: https://login.cesnet.cz/oidc/token * Userinfo endpoint: https://login.cesnet.cz/oidc/userinfo * Available [[en:index:documentation:sp:proxy:Attributes and scopes]] ==== Recommended software: ==== * [[ https://github.com/zmartzone/mod_auth_openidc | Apache mod_auth_openidc ]] (WebServer plugin) * [[ https://github.com/IdentityModel/oidc-client-js | oidc-client-js ]] (JavaScript) * [[ https://pyoidc.readthedocs.io/en/latest/# | pyoidc ]] (Python) * [[ https://spring.io/projects/spring-security-oauth | Spring Security OAuth2 ]] (Java) For more information about the OpenID Connect protocol or for a step-by-step guide on how to implement the OIDC Relying Part please look at our {{ :en:index:documentation:sp:proxy:oidc_handson.pdf |presentation}}. For manual on how to connect your service to the AAI, visit: [[ https://aai.cesnet.cz/en/index/documentation/sp/proxy/new_sp | registration service provider into EINFRA AAI ]].