As mentioned in the other pages, ProxyIdP currently supports connecting services via two protocols. This page contains common practices and tips on how to implement authentication using one of these protocols.
SAML
SAML metadata endpoint: https://login.cesnet.cz/proxy/saml2/idp/metadata.php
EINFRA AAI EntityID: https://login.cesnet.cz/idp/
Available Attributes and scopes
Recommended software:
Shibboleth SP (Java + WebServer)
SimpleSAMLphp (php)
Spring Security SAML (Java)
Keycloak
On the wiki page of Czech academic identity federation eduID.cz are available guides on how to implement the service provider via protocol Shibboleth SP v3 and simpleSAMLphp. (Available only in the Czech language)
OIDC
OpenID Connect metadata endpoint: https://login.cesnet.cz/oidc/.well-known/openid-configuration
Issuer: https://login.cesnet.cz/oidc/
Authorization endpoint: https://login.cesnet.cz/oidc/authorize
Token endpoint: https://login.cesnet.cz/oidc/token
Userinfo endpoint: https://login.cesnet.cz/oidc/authorize
Available Attributes and scopes
Recommended software:
Apache mod_auth_openidc (WebServer plugin)
oidc-client-js (JavaScript)
pyoidc (Python)
Spring Security OAuth2 (Java)
For more information about the OpenID Connect protocol or for a step-by-step guide on how to implement the OIDC Relying Part please look at our presentation.
For manual on how to connect your service to the AAI, visit: registration service provider into EINFRA AAI .