KNF:Service provider koppeling testen/en
During the implementation of a connection with Entree Federation the Reference Identity Provider can be used for testing purposes. With the help of this application the authentication process of a user can be simulated.
Step 1: Start authentication
Open your browser and navigate to the page of your application where you can start the authentication process via Entree Federation.
Step 2: Select the Identity Provider
You will be redirected to the WAYF-screen (Where Are You From) of the Entree Federation. Click on 'Log in met je schoolaccount' ('Log in with your schoolaccount').
In the window that spreads out you will see a list of schools that are connected to the Entree Federation.
Typ in the searchbox 'referentie' ('reference').
After which you select 'Entree Referentie' and click on 'Verder' ('Continue').
Step 3: Reference Identity Provider
You will now be redirected to the Reference Identity Provider of the Entree Federation. You're shown a list of attributes that will be send to your application. These attributes are divided in a set of Standard attributes (Standaard attributen) and a set of Additional attributes (Aanvullende attributen) (here you can find an overview of the attributes).
- Standard attributes will always be passed on to a Service Provider by Entree Federation during a authentication.
- Additional attributes will only be passed on to a Service Provider after the school has given explicit permission by the means of a signed Attribute Release Policy.
If necessary you can change the values of the attributes, accept for nlEduPersonHomeOrganizationId and nlEduPersonHomeOrganization.
Note: In order for your application to be able to receive additional attributes from the Reference Identity Provider, Kennisnet has to change the configuration. You can contact Kennisnet for this.
Step 4: Sending the attributes
If you're ready with modifying the attributes you can click on 'Direct verder naar dienstaanbieder' ('Continue directly to Service Provider') at the top of the page or 'Verder naar dienstaanbieder' ('Continue to Service Provider') at the bottom of the page. The authentication message containing the attributes will now be send to your application. Based on these attributes you can identify and authorise the user.