====== Implementing service provider ======

As mentioned in the other pages, ProxyIdP currently supports connecting services via two protocols. This page contains common practices and tips on how to implement authentication using one of these protocols.

===== SAML =====

  * SAML metadata endpoint: https://login.cesnet.cz/proxy/saml2/idp/metadata.php
  * EINFRA AAI EntityID: https://login.cesnet.cz/idp/
  * Available [[en:index:documentation:sp:proxy:Attributes and scopes]]

==== Recommended software: ====

  * [[ https://wiki.shibboleth.net/confluence/display/SP3/Home | Shibboleth SP ]] (Java + WebServer)
  * [[ https://simplesamlphp.org/samlsp | SimpleSAMLphp ]] (php)
  * [[ https://spring.io/projects/spring-security-saml | Spring Security SAML ]] (Java)
  * [[ https://www.keycloak.org | Keycloak]]

The wiki of the Czech academic identity federation eduID.cz provides guides on how to implement a service provider with [[https://www.eduid.cz/cs/tech/sp/shibboleth | Shibboleth SP v3]] and [[https://www.eduid.cz/cs/tech/sp/simplesamlphp | simpleSAMLphp]]. (Available only in the Czech language)

===== OIDC =====

  * OpenID Connect metadata endpoint: https://login.cesnet.cz/oidc/.well-known/openid-configuration
  * Issuer: https://login.cesnet.cz/oidc/
  * Authorization endpoint: https://login.cesnet.cz/oidc/authorize
  * Token endpoint: https://login.cesnet.cz/oidc/token
  * Userinfo endpoint: https://login.cesnet.cz/oidc/authorize
  * Available [[en:index:documentation:sp:proxy:Attributes and scopes]]

==== Recommended software: ====

  * [[ https://github.com/zmartzone/mod_auth_openidc | Apache mod_auth_openidc ]] (WebServer plugin)
  * [[ https://github.com/IdentityModel/oidc-client-js | oidc-client-js ]] (JavaScript)
  * [[ https://pyoidc.readthedocs.io/en/latest/# | pyoidc ]] (Python)
  * [[ https://spring.io/projects/spring-security-oauth | Spring Security OAuth2 ]] (Java)

For more information about the OpenID Connect protocol, or for a step-by-step guide on how to implement the OIDC Relying Party, please look at our {{ :en:index:documentation:sp:proxy:oidc_handson.pdf |presentation}}.

For instructions on how to connect your service to the AAI, visit: [[ https://aai.cesnet.cz/en/index/documentation/sp/proxy/new_sp | registration service provider into EINFRA AAI ]].