...
Is SAML Supported?
TCS members that are also Identity Providers in eduGAIN must release the following attributes:
- givenName (oid:2.5.4.42)
- surname (oid:2.5.4.4)
- mail (oid:0.9.2342.19200300.100.1.3)
- eduPersonTargetedID (oid:1.3.6.1.4.1.5923.1.1.1.10)
and may also release:
- eduPersonPrimaryAffiliation (oid:1.3.6.1.4.1.5923.1.1.1.5)
- eduPersonPrincipalName (required by GEANT for IGTF Personal Certificates) (oid:1.3.6.1.4.1.5923.1.1.1.6)
- eduPersonEntitlement (required for IGTF Personal Certificates) (oid:1.3.6.1.4.1.5923.1.1.1.7)
  - Make sure you only send the values associated with TCS to HARICA SPs. Use "urn:mace:terena.org:tcs:personal-user" to signal permission to issue IGTF Personal Certificates.
- schacHomeOrganization (oid:1.3.6.1.4.1.25178.1.2.9),
to the following HARICA EntityIDs:
- PRODUCTION:
  - “https://www.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/pki-grnet-sp”
  - Test attribute release via https://cm.harica.gr/loginsaml/test.php
- STAGING:
  - “https://cm-stg.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/harica-cm-stg-sp”
  - Test attribute release via https://cm-stg.harica.gr/loginsaml/test.php
- DEV:
Known issues:
- Multiple values in the mail attribute are currently not supported.
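
An IdP operator can check these release rules offline before using the test pages. The following Python sketch is an added example, not HARICA or GEANT code. It inspects one SAML AttributeStatement for the required attributes, a multi-valued mail attribute, and eduPersonEntitlement values other than the TCS one. It assumes attributes arrive with "urn:oid:" Names; check_release and the sample statement are constructed for illustration, and no signature validation is performed.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# OIDs as listed on this page; the "urn:oid:" prefix on the wire is an assumption.
REQUIRED = {
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "surname",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
}
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"
ENTITLEMENT = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
TCS_PERSONAL = "urn:mace:terena.org:tcs:personal-user"

def check_release(statement_xml):
    """Return a list of findings for one AttributeStatement (empty list = OK)."""
    values = {}
    for attr in ET.fromstring(statement_xml).iter(SAML + "Attribute"):
        # itertext() also covers values wrapped in a child element (e.g. a NameID)
        vals = ["".join(v.itertext()).strip() for v in attr.findall(SAML + "AttributeValue")]
        values.setdefault(attr.get("Name"), []).extend(v for v in vals if v)
    findings = [f"missing required attribute {name} ({oid})"
                for oid, name in REQUIRED.items() if not values.get(oid)]
    if len(values.get(MAIL, [])) > 1:
        findings.append(f"mail has {len(values[MAIL])} values; multiple values are not supported")
    extra = [v for v in values.get(ENTITLEMENT, []) if v != TCS_PERSONAL]
    if extra:
        findings.append(f"eduPersonEntitlement carries non-TCS values: {extra}")
    return findings

# Constructed sample: no eduPersonTargetedID, two mail values, one unrelated entitlement.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
  <saml:AttributeValue>ada@example.org</saml:AttributeValue>
  <saml:AttributeValue>a.example@example.org</saml:AttributeValue>
 </saml:Attribute>
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7">
  <saml:AttributeValue>urn:mace:terena.org:tcs:personal-user</saml:AttributeValue>
  <saml:AttributeValue>urn:mace:example.org:library-user</saml:AttributeValue>
 </saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    for finding in check_release(SAMPLE):
        print(finding)
```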
...
- Certificate life cycle management through an easy-to-use, easy-to-read portal - any administrator can get a clear overview of ordered certificates and their lifespan.
- Ability to order multiple certificate types from one place.
- OV and EV as an option for the edge use cases.
- Support for IGTF certificates (coming soon!).
- A support desk.
- No rate limits (Let's Encrypt limits the number of requests you can make in certain time periods).
- EU-based terms and conditions and contractual terms negotiated for you.
...
