Tech Info
Kalmar Union Technology
Kalmar Union is based on SAML 2.0 technology, and a full mesh of Identity and Service Providers exchanging SAML 2.0 assertions directly. Several SAML 2.0 products are in use, SimpleSAMLphp and Shibboleth being the most widely used. Kalmar Union makes use of the Interoperable Web single sign-on deployment profile (ver 0.1 stable) of SAML 2.0.
Kalmar Union Metadata
Each member federation makes use of the SAML 2.0 metadata specification to provide a list of Identity and Service Providers that are exposed to Kalmar Union. Kalmar Union aggregates the national SAML 2.0 metadata files to provide a SAML 2.0 metadata file for Kalmar Union. The metadata includes also a list of attributes the Service Providers request from the Identity Providers.
| Description | Link (example) |
|---|---|
| Aggregated Kalmar metadata | Full set |
| Use mimetype=application/xml parameter to make it open in a web browser | Full set (browser friendly) |
| Use exclude parameter with a country tag (norway, finland, sweden, denmark) to drop a country | Full set excluding Norway |
| Use set=saml20-idp-remote parameter to include IdPs only | IdPs only |
| Use set=saml20-sp-remote parameter to include SPs only | SPs only |
| Shibboleth 2.x attribute filter policy for convenience in Haka federation | Shibboleth afp |
| The certificate used for signing the metadata | Metadata signing certificate |
Kalmar Union Test Metadata
Kalmar union has a parallel test federation for testing new Providers before registering them to production metadata. The test metadata gives an opportunity for the Provider's administrator to ensure the services proper functioning in Kalmar. Loading test metadata to production Providers is strongly discouraged.
| Kalmar test metadata | full set (browser friendly) |
| Test Discovery Service | link (will not open to a browser) |
| Member federations' instructions on the test metadata | WAYF |
| Haka (in Finnish) | |
| Feide | |
| SWAMID |
Ensuring availability
To ensure service availability, (some) Kalmar Identity and Service Providers are under constant monitoring
Kalmar IdP Discovery Service
Kalmar Union provides a Discovery Service that the Service Providers can utilise to locate the end user's Identity Provider in his/her home country.
To use the Discovery Service, use the following endpoint with the IdP Discovery Service protocol:
- https://kalmar2.org/simplesaml/module.php/discopower/disco.php (the service can be invoked only by a Service Provider)
Login buttons
Feel free to use the buttions on your login-page.
Attributes in Kalmar Union
Participating federations use different sets of attributes:
More information
Mailing lists
Links
