Instruction: How to Connect a Service to MUNI Unified Login
Technically, the service can be connected using the OpenID Connect (OIDC) protocol, which extends the OAuth2 authorization protocol with authentication and an API for retrieving user information. For detailed information on OpenID Connect, see the specification.
Instructions for Service Connection
1
Client registration is done in the SP reg application at https://spreg.aai.muni.cz/.
Log in with your UČO. If you do not have one, email us.
3
Send the application. If any deficiencies are identified, you will receive an email with instructions on how to edit your application. Then repeat the previous steps.
4
Under the My services tab, note the OIDC Client ID and Client Secret, which you will need to set up the OIDC client.
5
Once your application is approved, the service will be connected in test mode and access will be granted to administrators.
6
Configure your service (app, library) using the obtained client ID and client secret. Instructions for some of the most common apps and libraries are listed here.
7
After testing, request the move to the production environment in the SP reg application by clicking the Move to Production button, and wait for confirmation by email.
Technical Specifications
OpenID Connect (OIDC)
Issuer: https://id.muni.cz/oidc/
Metadata: https://id.muni.cz/oidc/.well-known/openid-configuration
Metadata contains addresses of endpoints and keys (for apps which do not support automatic detection).
SAML
Entity ID: https://idp2.ics.muni.cz/idp/shibboleth
Metadata: https://id.muni.cz/metadata
Metadata signing certificate: mu_unified_login.pem
Metadata signing certificate fingerprint: SHA256 Fingerprint=6D:84:B4:F7:E9:3B:0B:75:60:7C:7A:5C:49:7C:37:39:66:F6:D2:04:6B:B4:C6:A0:D1:C3:70:D1:DB:5E:23:E0
Metadata contains addresses of endpoints and keys (for apps which do not support automatic metadata management).
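One way to check a downloaded mu_unified_login.pem against the fingerprint published above before configuring it as the metadata signing certificate. This is an added example, not part of the original instructions; the function names and the constructed sample PEM are assumptions made for illustration.

```python
import hashlib
import ssl

# Pinned value copied from this page (SAML section).
PINNED = ("SHA256 Fingerprint=6D:84:B4:F7:E9:3B:0B:75:60:7C:7A:5C:49:7C:37:39:"
          "66:F6:D2:04:6B:B4:C6:A0:D1:C3:70:D1:DB:5E:23:E0")

# Constructed stand-in, NOT a real certificate: the body is base64 of b"abc",
# so the block runs offline and its digest is a known SHA-256 test vector.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def normalize(fingerprint: str) -> str:
    """Reduce 'SHA256 Fingerprint=AA:BB:..' or 'aabb..' to lowercase hex."""
    value = fingerprint.split("=", 1)[-1]
    hexstr = value.replace(":", "").replace(" ", "").strip().lower()
    if len(hexstr) != 64 or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError("not a SHA-256 fingerprint")
    return hexstr


def pem_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of a single-certificate PEM, colon-separated."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def matches_pin(pem_text: str, pinned: str = PINNED) -> bool:
    """True only if the certificate's fingerprint equals the pinned one."""
    return normalize(pem_fingerprint(pem_text)) == normalize(pinned)


if __name__ == "__main__":
    import sys
    # Usage: python check_pin.py mu_unified_login.pem
    path = sys.argv[1] if len(sys.argv) > 1 else None
    pem = open(path, encoding="ascii").read() if path else SAMPLE_PEM
    print(pem_fingerprint(pem), "MATCH" if matches_pin(pem) else "MISMATCH")
```

Run without arguments it reports MISMATCH for the constructed sample; a MISMATCH on the real file means the certificate should not be used to validate the metadata.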