Teknisk profil SSO-infrastruktur

Struktur på SSO-metadata

[
    {
        "organization_info": {
            "description": "An example description of the service provider organization",
            "display_name": "Example Service Provider",
            "logotype": "https://example.com/logo.svg",
            "name": "Example Service Provider AB",
            "url": "https://example.com"
        },
        "sso_links": [
            {
                "description": "Example Digital Math Service is the number one digital math companion in Schengen",
                "disabled": false,
                "display_name": "Math Rocket",
                "entity_id": "https://example.com/math",
                "idp_parameter": "entityID",
                "logo": "https://example.com/math/logo.svg",
                "sp_init": "https://example.com/math/Shibboleth.sso/Login?",
                "sso_type": "entity_id",
                "sso_url": "https://example.com/math/Shibboleth.sso/SAML2/POST",
                "target_parameter": "Target"
            },
            {
                "description": "Example Digital Brazilian Jiu-Jitsu Service is the number one digital BJJ teacher in Schengen",
                "disabled": false,
                "display_name": "Example Digital Brazilian Jiu-Jitsu Service",
                "entity_id": "https://example.com/bjj",
                "link_mapping": {
                    "https://idp.example1.com": "https://example.com/bjj/login?idp=example1-idp",
                    "https://idp.example2.com": "https://example.com/bjj/login?idp=example2-idp",
                    "https://idp.example3.com": "https://example.com/bjj/login?idp=example3-idp"
                },
                "logo": "https://example.com/bjj/logo.png",
                "sso_type": "link_map",
                "target_parameter": ""
            }
        ]
    }
]

Organization Information (`organization_info`)

This section contains metadata about the organization offering the SSO services.

description REQUIRED (str)
- A short description of the organization and its services.
- Example: "An example description of the service provider organization".
display_name REQUIRED (str)
- A user-friendly name for the organization.
- Example: "Example Service Provider".
logotype REQUIRED (str, URL)
- The URL of the organization’s logo.
- Example: "https://example.com/logo.svg".
name REQUIRED (str)
- The official legal name of the organization.
- Example: "Example Service Provider AB".
url REQUIRED (str, URL)
- The official website of the organization.
- Example: "https://example.com".

List of SSO Links (`sso_links`)

This section contains a list of services that support SSO authentication.

Elements in each SSO link

description REQUIRED (str)
- A short description of the service.
- Example: "Example Digital Math Service is the number one digital math companion in Schengen".
disabled OPTIONAL (bool)
- Indicates whether the SSO link is disabled. If omitted, the value is presumed to be false.
- Possible values:
  - true → The service is disabled and not available to users.
  - false → The service is active and can be used.
- Example: false (the service is active).
display_name REQUIRED (str)
- The name of the service displayed to users.
- Example: "Math Rocket".
entity_id REQUIRED (str, URL)
- The entity ID of the service in the SAML federation.
- Example: "https://example.com/math".
logo REQUIRED (str, URL)
- The URL of the service’s logo.
- Example: "https://example.com/math/logo.svg".
sso_type REQUIRED (str)
- The type of SSO configuration used for the service.
- Possible values:
  - "entity_id" → Standard SAML SSO using an entity ID.
  - "link_map" → Direct mapping between Identity Providers (IdPs) and specific login URLs.
- Example: "entity_id" for traditional SAML SSO.
sso_url OPTIONAL (str, URL)
- The URL for the service’s SSO entry point.
- Example: "https://example.com/bjj/sso".

If `sso_type` is `"entity_id"`

These fields are required for a standard SAML SSO setup using the entity ID as parameter for identifying the IdP.

idp_parameter REQUIRED (str)
- The parameter used to pass the IdP’s entity ID in the SSO request.
- Example: "entityID".
sp_init REQUIRED (str, URL)
- The URL for SP-initiated authentication.
- Example: "https://example.com/math/Shibboleth.sso/Login?".
target_parameter OPTIONAL (str)
- The parameter used to pass a target address after authentication.
- Example: "Target".

If `sso_type` is `"link_map"`

Fields used when the service uses direct mapping between IdPs and specific login URLs

link_mapping REQUIRED (object)

A mapping where each IdP’s entity ID is used as a key, and the value is the specific login URL for that IdP.

Example:

"link_mapping": {
	"https://idp.example1.com": "https://example.com/bjj/login?idp=example1-idp",
	"https://idp.example2.com": "https://example.com/bjj/login?idp=example2-idp",
	"https://idp.example3.com": "https://example.com/bjj/login?idp=example3-idp"
},

Page tree

Teknisk profil SSO-infrastruktur

Struktur på SSO-metadata

Organization Information (organization_info)

List of SSO Links (sso_links)

Elements in each SSO link

If sso_type is "entity_id"

If sso_type is "link_map"

Organization Information (`organization_info`)

List of SSO Links (`sso_links`)

If `sso_type` is `"entity_id"`

If `sso_type` is `"link_map"`