Production SSO - login.helsinki.fi

SAML

Production SSO entity ID: https://login.helsinki.fi/shibboleth

The service must specify the trust network metadata, which includes, among other things, the addresses of login servers and their public certificates.

• Signed metadata for login.helsinki.fi https://login.helsinki.fi/metadata/sign-hy-metadata-v2.xml
• Metadata signing certificate https://login.helsinki.fi/metadata/sc/sign-login.helsinki.fi-v2.pem

Federations

• For Haka, metadata locations can be found at https://wiki.eduuni.fi/display/CSCHAKA/Haka+metadata
• For eduGAIN, metadata locations can be found at https://wiki.eduuni.fi/pages/viewpage.action?pageId=27297748

Metadata should be set to update automatically if the SAML2 implementation supports it. Validity of the metadata must always be verified with a signing certificate.

OIDC

OpenID Connect configuration file: https://login.helsinki.fi/.well-known/openid-configuration

Test SSO - login-test.it.helsinki.fi

We have a test SSO service where you can create your own users with SP-registry. It works similarly to production SSO but with different metadata.

SAML

Test SSO entity ID: https://login-test.it.helsinki.fi/shibboleth

• Signed metadata for login-test.it.helsinki.fi https://login-test.it.helsinki.fi/metadata/sign-hy-test-metadata.xml
• Metadata signing certificate https://login.helsinki.fi/metadata/sc/sign-login.helsinki.fi-v2.pem

OIDC

Test SSO configuration for OpenID Connect: https://login-test.it.helsinki.fi/.well-known/openid-configuration