Getting Started with SWAMID

Welcome to the Swedish Academic Identity Federation, SWAMID. SWAMID is an infrastructure to make it easier for users at higher educational institutions and other member organisations to log in to various services. SWAMID supports different federated login techniques, currently SAML WebSSO and eduroam. This page focuses on web-based login via SAML WebSSO.

Register a service in SWAMID

To be able to connect a service to SWAMID, the service must meet the following two formal requirements:

  1. The service must meet one of the following registration requirements:
    • The service is owned by a member organisation;
    • The service is under contract with at least one member organisation;
    • The service is operated by a Swedish government agency and used by at least one member organisation;
    • The service is operated at least in part for the purpose of supporting research and scholarship interaction, collaboration or management (primarily for community services); or
    • The service is granted special approval by the SWAMID Board of Trustees after recommendation by SWAMID Operations (special exceptions).
  2. The service must accept the SWAMID Metadata Terms of Access and Use.

Once the formal requirements are met, it is time to install and configure the software that connects the service to the federation. This is done through a Service Provider (SP), which must comply with the SWAMID SAML WebSSO Technology Profile. Please note that SWAMID is an identity federation in which each member organisation publishes its own Identity Provider (IdP), so the SP software used must support automatic management of multiple Identity Providers, and the metadata from the federation must be refreshed at least once a day. If your Service Provider is unable to handle multiple Identity Providers, a SAML proxy can be used to assist the Service Provider.
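To make the two SP requirements above concrete (handling many IdPs from one federation aggregate, and refreshing that aggregate daily), here is an added example of a freshness and inventory check over SAML metadata. It is not SWAMID's own code or tooling: the aggregate is a constructed sample with placeholder entityIDs, the 24-hour limit is the requirement stated on this page, and XML signature verification is assumed to be done by the SP software (for example a signature metadata filter) rather than here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# SWAMID requirement from this page: federation metadata refreshed at least once a day.
MAX_METADATA_AGE = timedelta(hours=24)

# Constructed sample aggregate (NOT real SWAMID metadata); entityIDs are placeholders.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Name="urn:example:federation" validUntil="2030-01-02T00:00:00Z" cacheDuration="PT24H">
  <md:EntityDescriptor entityID="https://idp.university-a.invalid/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.university-a.invalid/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.university-b.invalid/adfs/services/trust">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp.university-b.invalid/adfs/ls/"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.service.invalid/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="1"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.service.invalid/Shibboleth.sso/SAML2/POST"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def _parse_saml_time(value):
    """Parse a SAML xs:dateTime such as 2030-01-02T00:00:00Z into an aware UTC datetime."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def list_idps(xml_text):
    """Return the entityIDs of every entity in the aggregate that publishes an IdP role."""
    root = ET.fromstring(xml_text)
    idps = []
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        if entity.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None:
            idps.append(entity.get("entityID"))
    return idps


def metadata_status(xml_text, fetched_at, now):
    """Judge a cached aggregate: is it expired, and is our local copy older than the daily limit?"""
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    expiry = _parse_saml_time(valid_until) if valid_until else None
    return {
        "valid_until": expiry,
        # An aggregate past its validUntil must not be trusted at all.
        "expired": expiry is not None and now >= expiry,
        # Our copy is stale if it was fetched more than MAX_METADATA_AGE ago.
        "refresh_overdue": (now - fetched_at) > MAX_METADATA_AGE,
        "idp_count": len(list_idps(xml_text)),
    }


if __name__ == "__main__":
    fetched = datetime(2029, 1, 1, 0, 0, tzinfo=timezone.utc)
    status = metadata_status(SAMPLE_METADATA, fetched, datetime(2029, 1, 3, tzinfo=timezone.utc))
    print("IdPs found:", list_idps(SAMPLE_METADATA))
    print("status:", status)
```

Run against a locally cached copy of a federation aggregate (with `fetched_at` taken from the file's modification time), the `refresh_overdue` flag is the condition a monitoring check should alert on; `expired` is the hard stop, since an SP that keeps serving entities from an expired aggregate is no longer tracking the federation.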

The SAML metadata for the service is registered through SWAMID's metadata tool. To register metadata, you must be able to log in using an identity provider registered in SWAMID. If you do not have an active user account with a SWAMID-registered identity provider, you can create an eduID account at eduID.se.

SWAMID has instructions, advice, and recommendations for Service Providers on the wiki page SAML SP Best Current Practice.

Give users at your organisation the opportunity to log in to services registered in SWAMID

In order to be able to connect an Identity Provider (IdP) to SWAMID, the organisation must meet the following two formal requirements:

  1. The organisation must be a member of SWAMID.
    • Only organisations connected to the Sunet network can be members of SWAMID. The membership application can be downloaded from SWAMID's policy page under the section "Identity publisher (IdP)".
  2. The organisation must be approved for at least one SWAMID Identity Assurance Profile.
    • The Identity Assurance Profiles are available on SWAMID's policy page under the section "SWAMID Identity Assurance Profiles".
    • Contact SWAMID Operations for help and instructions on how to get approved for an Identity Assurance Profile.

Once the formal requirements are met, it is time to install and configure your Identity Provider. The organisation must first decide which software to use. SWAMID has instructions on the wiki page SAML IdP Best Current Practice for Shibboleth Identity Provider and Microsoft ADFS. For other IdP software, you must specifically check that it complies with the SWAMID SAML WebSSO Technology Profile. The SAML IdP Best Current Practice also contains instructions, advice, and recommendations on how to configure the selected Identity Provider.

The SAML metadata for the identity provider is registered through SWAMID's metadata tool. To register metadata, you must be able to log in using an identity provider registered in SWAMID. If you do not have an active user account with a SWAMID-registered identity provider, you can create an eduID account at eduID.se.

Further reading...