SurfNet has created a easy to setup virtual image of a SimpleSAMLphp Identity Provider, with a webbased UI configuration frontend.

• Slides from TF-EMC2 presentation in Vienna

arnes has a SimpleSAMLphp in a box solution as well (with eduroam support):

• http://www.pingo.org/eduroam/centos5.3/eduroam_in_a_box/

Few days ago an ADFS module was committed to simpleSAMLphp's subversion repository.

The ADFS module implements the Microsoft Active Directory Federation Services (ADFS) protocol for Identity Providers; ADFS is based on the WS-Federation protocol. This module allows you to hook up so-called claims-aware applications to a simpleSAMLphp IDP using the ADFS federation protocol. These applications are typically ASP.NET based applications on the Windows platform, protected by an ADFS Web Agent on the same host. But also MS Sharepoint (with certain limitations) and MS ISA proxy can be connected through ADFS.

There is already WS-Federation/ADFS support for Service Providers in the simpleSAMLphp core.

The ADFS module is developed by Hans Zandbelt from SURFnet. Hans is an important contributor to simpleSAMLphp.

Yesterday SURFfederatie went into production. That means Netherlands are about to have a SAML 2.0 federation in production. Even if the SAML2 part will arrive one month later, we are happy to see Netherlands joins our party.

From the SURFfederatie homepage:

The following organizations are connected to the production environment (SP=Service Provider, IDP=Identity Provider):

• SURFdiensten (SP)
• UvT (IDP)
• Saxion Hogescholen (IDP/SP)
• Marnix Academie (IDP/SP)
• SURFnet (IDP/SP)

This list will soon be extended with Elsevier (SP), EBSCO (SP), OCLC/PICA (SP), Ellips (SP), RUG (IDP) en TU Delft (IDP/SP). As of December 1, the production environment will be extended with SAML 2.0 and ADFS functionality, to allow for easier and faster connectivity to even more organizations.

Visit the SURFfederatie home page to read more

(From SURFfederatie home page) SURFnet started on the construction of a federation in 2006. The SURFnet Federation will be offering researchers, students and lecturers access to information and services from various providers. This access will be offered on the basis of an account with the user's own organisation, such as with an educational institution. The SURFnet Federation will ensure that users can prove their identity by making use of data which this organisation, known as the Identity Provider (IdP), issues and manages for this purpose. The point of departure is the privacy of the user. It is therefore the task of the Identity Provider to determine the user's identity, and to issue it to the federation, in combination with a number of user characteristics, where appropriate.

In turn, the SURFnet Federation ensures that information and service providers trust the information regarding this identity. This prevents users having to remember multiple login names and access codes, and prevents the organisation having to maintain a large number of technical connections to information and service providers.