Tech Info

Kalmar Union Technology

Kalmar Union is based on SAML 2.0 technology, and a full mesh of Identity and Service Providers exchanging SAML 2.0 assertions directly. Several SAML 2.0 products are in use, SimpleSAMLphp and Shibboleth being the most widely used. Kalmar Union makes use of the Interoperable Web single sign-on deployment profile (ver 0.1 stable) of SAML 2.0.

Kalmar Union Metadata

Each member federation makes use of the SAML 2.0 metadata specification to provide a list of Identity and Service Providers that are exposed to Kalmar Union. Kalmar Union aggregates the national SAML 2.0 metadata files to provide a SAML 2.0 metadata file for Kalmar Union. The metadata includes also a list of attributes the Service Providers request from the Identity Providers.

Description

Link (example)

Aggregated Kalmar metadata

Full set

Use mimetype=application/xml parameter to make it open in a web browser

Full set (browser friendly)

Use exclude parameter with a country tag (norway, finland, sweden, denmark) to drop a country

Full set excluding Norway

Use set=saml20-idp-remote parameter to include IdPs only

IdPs only

Use set=saml20-sp-remote parameter to include SPs only

SPs only

Shibboleth 2.x attribute filter policy for convenience in Haka federation

Shibboleth afp

The certificate used for signing the metadata

Metadata signing certificate

Kalmar Union Test Metadata

Kalmar union has a parallel test federation for testing new Providers before registering them to production metadata. The test metadata gives an opportunity for the Provider's administrator to ensure the services proper functioning in Kalmar. Loading test metadata to production Providers is strongly discouraged.

Description

Link (example)

Aggregated Kalmar metadata

Full set

Use mimetype=application/xml parameter to make it open in a web browser

Full set (browser friendly)

Use exclude parameter with a country tag (norway, finland, sweden, denmark) to drop a country

Full set excluding Norway

Use set=saml20-idp-remote parameter to include IdPs only

IdPs only

Use set=saml20-sp-remote parameter to include SPs only

SPs only

Shibboleth 2.x attribute filter policy for convenience in Haka federation

Shibboleth afp

The certificate used for signing the metadata

Metadata signing certificate

Member federations' instructions on the test metadata:

WAYF

 

Haka (in Finnish)

 

Feide

 

SWAMID

KALMAR Metadata Validator

At https://test.kalmar2.org/module.php/kvalidate/validate.php you can test if your metadata is compliant with the SAML2 profile used in kalmar.

Kalmar IdP Discovery Service

Kalmar Union provides a Discovery Service that the Service Providers can utilise to locate the end user's Identity Provider in his/her home country.

To use the Discovery Service, use the following endpoint with the IdP Discovery Service protocol:

Kalmar IdP TEST Discovery Service

Kalmar Union provides a test Discovery Service that the Service Providers can utilise to locate the end user's Identity Provider in his/her home country.

To use the Discovery Service, use the following endpoint with the IdP Discovery Service protocol:

Login buttons

Feel free to use the buttions on your login-page.

Attributes in Kalmar Union

Participating federations use different sets of attributes:

More information

Mailing lists

Links

Change fontsize Print