Teknisk profil SSO-infrastruktur

Struktur på SSO-metadata

[
    {
        "organization_info": {
            "description": "An example description of the service provider organization",
            "display_name": "Example Service Provider",
            "logotype": "https://example.com/logo.svg",
            "name": "Example Service Provider AB",
            "url": "https://example.com"
        },
        "sso_links": [
            {
                "description": "Example Digital Math Service is the number one digital math companion in Schengen",
                "disabled": false,
                "display_name": "Math Rocket",
                "entity_id": "https://example.com/math",
                "idp_parameter": "entityID",
                "logo": "https://example.com/math/logo.svg",
                "sp_init": "https://example.com/math/Shibboleth.sso/Login?",
                "sso_type": "entity_id",
                "sso_url": "https://example.com/math/Shibboleth.sso/SAML2/POST",
                "target_parameter": "Target"
            },
            {
                "description": "Example Digital Brazilian Jiu-Jitsu Service is the number one digital BJJ teacher in Schengen",
                "disabled": false,
                "display_name": "Example Digital Brazilian Jiu-Jitsu Service",
                "entity_id": "https://example.com/bjj",
                "link_mapping": {
                    "https://idp.example1.com": "https://example.com/bjj/login?idp=example1-idp",
                    "https://idp.example2.com": "https://example.com/bjj/login?idp=example2-idp",
                    "https://idp.example3.com": "https://example.com/bjj/login?idp=example3-idp"
                },
                "logo": "https://example.com/bjj/logo.png",
                "sso_type": "link_map",
                "target_parameter": ""
            }
        ]
    }
]

Organization Information (organization_info)

This section contains metadata about the organization offering the SSO services.

• description REQUIRED (str)

  • A short description of the organization and its services.
  • Example: "An example description of the service provider organization".

• display_name REQUIRED (str)

  • A user-friendly name for the organization.
  • Example: "Example Service Provider".

• logotype REQUIRED (str, URL)

  • The URL of the organization’s logo.
  • Example: "https://example.com/logo.svg".

• name REQUIRED (str)

  • The official legal name of the organization.
  • Example: "Example Service Provider AB".

• url REQUIRED (str, URL)

  • The official website of the organization.
  • Example: "https://example.com".

List of SSO Links (sso_links)

This section contains a list of services that support SSO authentication.

Elements in each SSO link

• description REQUIRED (str)

  • A short description of the service.
  • Example: "Example Digital Math Service is the number one digital math companion in Schengen".

• disabled OPTIONAL (bool)

  • Indicates whether the SSO link is disabled. If omitted, the value is presumed to be false.
  • Possible values:
    • true → The service is disabled and not available to users.
    • false → The service is active and can be used.
  • Example: false (the service is active).

• display_name REQUIRED (str)

  • The name of the service displayed to users.
  • Example: "Math Rocket".

• entity_id REQUIRED (str, URL)

  • The entity ID of the service in the SAML federation.
  • Example: "https://example.com/math".

• logo REQUIRED (str, URL)

  • The URL of the service’s logo.
  • Example: "https://example.com/math/logo.svg".

• sso_type REQUIRED (str)

  • The type of SSO configuration used for the service.
  • Possible values:
    • "entity_id" → Standard SAML SSO using an entity ID.
    • "link_map" → Direct mapping between Identity Providers (IdPs) and specific login URLs.
  • Example: "entity_id" for traditional SAML SSO.

• sso_url OPTIONAL (str, URL)

  • The URL for the service’s SSO entry point.
  • Example: "https://example.com/bjj/sso".

If sso_type is "entity_id"

These fields are required for a standard SAML SSO setup using the entity ID as parameter for identifying the IdP.

• idp_parameter REQUIRED (str)

  • The parameter used to pass the IdP’s entity ID in the SSO request.
  • Example: "entityID".

• sp_init REQUIRED (str, URL)

  • The URL for SP-initiated authentication.
  • Example: "https://example.com/math/Shibboleth.sso/Login?".

• target_parameter OPTIONAL (str)

  • The parameter used to pass a target address after authentication.
  • Example: "Target".

If sso_type is "link_map"

Fields used when the service uses direct mapping between IdPs and specific login URLs 

• link_mapping REQUIRED (object)

  • A mapping where each IdP’s entity ID is used as a key, and the value is the specific login URL for that IdP.
  • Example:

    "link_mapping": {
    	"https://idp.example1.com": "https://example.com/bjj/login?idp=example1-idp",
    	"https://idp.example2.com": "https://example.com/bjj/login?idp=example2-idp",
    	"https://idp.example3.com": "https://example.com/bjj/login?idp=example3-idp"
    },