...
Is SAML Supported?
TCS members that are also Identity Providers in eduGAIN must release the following attributes:
- givenName (oid:2.5.4.42)
- sn (surname) (oid:2.5.4.4)
- mail (oid:0.9.2342.19200300.100.1.3)
- eduPersonTargetedID (oid:1.3.6.1.4.1.5923.1.1.1.10)
and may also release:
- eduPersonPrimaryAffiliation (oid:1.3.6.1.4.1.5923.1.1.1.5)
- eduPersonPrincipalName (required by GEANT for GRID Client Authentication Certificates / IGTF Personal Certificates) (oid:1.3.6.1.4.1.5923.1.1.1.6)
- eduPersonEntitlement (required for IGTF Personal Certificates) (oid:1.3.6.1.4.1.5923.1.1.1.7)
  - Make sure you only send the values associated with TCS to HARICA SPs. Use "urn:mace:terena.org:tcs:personal-user" to signal permission to issue IGTF Personal Certificates.
- schacHomeOrganization (oid:1.3.6.1.4.1.25178.1.2.9)
to the following HARICA EntityIDs:
- PRODUCTION:
  - "https://www.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/pki-grnet-sp"
  - Test attribute release via https://cm.harica.gr/loginsaml/test.php
- STAGING:
  - "https://cm-stg.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/harica-cm-stg-sp"
  - Test attribute release via https://cm-stg.harica.gr/loginsaml/test.php
- DEV:
Known issues:
- Multiple values in the mail attribute are currently not supported.
Can I order EV Certificates?
EV certificates are NOT included in the HARICA TCS offer as we no longer see any value in supporting this certificate type as a default option. It is possible to purchase these (EV TLS) and other types of certificates (Code Signing, Qualified Electronic Signatures/Seals, QWACs) and remote signing services on an individual basis from HARICA if required for specific use cases.
Where can I find information about the HARICA roots?
...