confusa

It's possible to set up an NREN-specific URL pointing to the portal. This allows you to:

1. Present the portal under your own domain name;
2. Brand the portal with your style already when the user first visits it;
3. Skip the country selection step in the login process.

This requires some hoop-jumping, because we cannot combine domain names from different NREN's into one SSL certificate. This means we have to set up a virtual host with its own SSL-certificate for each NREN. The following steps need to be taken, once per portal:

1. Decide on a domainname, e.g. certificates.yournren.tld. Point it with a DNS CNAME to yournren.tcs-personal-portal.terena.org. This latter name will be created by us to point to the proper place. Change the CNAME target appropriately in case of the eScience portal.
2. Create a server certificate for this name and send it to us (obviously with encrypted private key). Or alternatively send an openssl config file, we send you the csr to get it signed and keep the key here.
3. We set up the portal to answer requests on your URL.
4. You add the URL to the NREN-settings of Confusa. You may also have to reimport the metadata from their new location: https://certificates.yournren.tld/simplesamlphp/module.php/saml/sp/metadata.php/default-sp?output=xhtml