This is so called External Identity Provider, which provides a bridge from OAuth and OpenID authentication to SAML (Structured Assertion Markup Language) identity federations. It currently supports the following authentication:
Metadata are available at https://extidp.cesnet.cz/idp/shibboleth. Warning - the server uses SSL SNI, so to access the metadata you need wget version 1.14+ or Java 7+.
This provider provides the following attributes:
You may want to select only one of the provided authentication methods. In that case, specify the required authentication method in the SAML authentication request. The methods are marked by the following URIs:
If you use the Shibboleth Service Provider, you can do it in one of two ways. You can specify the method in the SessionInitiator tag in the /etc/shibboleth/shibboleth2.xml file like this (see NativeSPSessionInitiator#NativeSPSessionInitiator-Attributes):
<SessionInitiator id="extSI" Location="/WAYF/ext" type="SAML2" relayState="cookie" template="bindingTemplate.html" acsIndex="1" entityID="https://extidp.cesnet.cz/idp/shibboleth" authnContextClassRef="urn:cesnet:extidp:authn:google" />
or you can set it using the URL parameter authnContextClassRef in the URL that starts the lazy Shibboleth session:
Log in using Google Log in using Facebook Log in using LinkedIn Log in using OrcID Log in using GitHub Log in using any method