====== Implementing service provider ======
As mentioned in the other pages, ProxyIdP currently supports connecting services via two protocols. This page contains common practices and tips on how to implement authentication using one of these protocols.
===== SAML =====
* SAML metadata endpoint: https://login.cesnet.cz/proxy/saml2/idp/metadata.php
* EINFRA AAI EntityID: https://login.cesnet.cz/idp/
* Available [[en:index:documentation:sp:proxy:Attributes and scopes]]
==== Recommended software: ====
* [[ https://wiki.shibboleth.net/confluence/display/SP3/Home | Shibboleth SP ]] (Java + WebServer)
* [[ https://simplesamlphp.org/samlsp | SimpleSAMLphp ]] (php)
* [[ https://spring.io/projects/spring-security-saml | Spring Security SAML ]] (Java)
* [[ https://www.keycloak.org | Keycloak]]
On the wiki page of Czech academic identity federation eduID.cz are available guides on how to implement the service provider via protocol [[https://www.eduid.cz/cs/tech/sp/shibboleth | Shibboleth SP v3]] and [[https://www.eduid.cz/cs/tech/sp/simplesamlphp | simpleSAMLphp]]. (Available only in the Czech language)
===== OIDC =====
* OpenID Connect metadata endpoint: https://login.cesnet.cz/oidc/.well-known/openid-configuration
* Issuer: https://login.cesnet.cz/oidc/
* Authorization endpoint: https://login.cesnet.cz/oidc/authorize
* Token endpoint: https://login.cesnet.cz/oidc/token
* Userinfo endpoint: https://login.cesnet.cz/oidc/userinfo
* Available [[en:index:documentation:sp:proxy:Attributes and scopes]]
==== Recommended software: ====
* [[ https://github.com/zmartzone/mod_auth_openidc | Apache mod_auth_openidc ]] (WebServer plugin)
* [[ https://github.com/IdentityModel/oidc-client-js | oidc-client-js ]] (JavaScript)
* [[ https://pyoidc.readthedocs.io/en/latest/# | pyoidc ]] (Python)
* [[ https://spring.io/projects/spring-security-oauth | Spring Security OAuth2 ]] (Java)
For more information about the OpenID Connect protocol or for a step-by-step guide on how to implement the OIDC Relying Part please look at our {{ :en:index:documentation:sp:proxy:oidc_handson.pdf |presentation}}.
For manual on how to connect your service to the AAI, visit: [[ https://aai.cesnet.cz/en/index/documentation/sp/proxy/new_sp | registration service provider into EINFRA AAI ]].