Participants

Proposers

Name | Organisation
Niels van Dijk | SURF
Dedra Chamberlin | Cirrus Identity
Miroslav Milinovic | SRCE



GN4-3 project team

Name | Organisation | Role
Sergio | UCO | Core team member
Patrick | Cirrus Identity | External Developer
Marko Ivancic | SRCE | External Developer



Stakeholders

Name | Organisation | Role
Miroslav Milinovic | SRCE | Stakeholder
Dedra Chamberlin | Cirrus Identity | Stakeholder
Stefan Winter | KIT | Stakeholder


Activity overview

Description

This activity attempts to extend the IdP/SP software SimpleSAMLphp with the still missing OpenID Connect Provider interface.


Activity goals

The aim of this activity is to create a functional OIDC OpenID Provider module for SimpleSAMLphp and provide it upstream.

Activity Details

Technical details

SimpleSAMLphp (SSP) is a commonly used software product for both SP and IdP deployments in Research and Education. It may also be deployed as a proxy. In addition to SAML, it supports various other authentication protocols. While SSP already supports the OpenID Connect (OIDC) Relying Party (RP) interface, an OIDC OpenID Provider (OP) implementation is missing.

Adding an OIDC OP would make it possible to run an SSP-based identity provider in 'dual stack' mode, providing both SAML- and OIDC-based authentication from the same authoritative database. It would also improve SSP's proxy capability by allowing it to proxy from SAML-based IdPs (itself acting as an SP) to OIDC-based RPs (itself acting as an OP).

This activity seeks to implement an OIDC OP in accordance with the OIDC specification into SSP.

There is an existing module available on GitHub. It needs to be investigated whether this module is suitable for this activity.



Business case

SSP is one of the most widely used IdP/SP software products in the GÉANT community. Furthermore, the adoption of OIDC is growing steadily, and third parties in particular commonly use it. The OP module offers NRENs and institutions an easy way to provide an OIDC IdP.


Risks

  • Parallel implementation of different solutions
  • Failure to provide the module upstream


Data protection & Privacy

  • The activity itself does not handle any sensitive data
  • The created module will be integrated into an IdP and therefore handle authentication related user information


Definition of Done (DoD)

  • An SSP OIDC OP architecture is created and documented
  • A working SSP module is created and tested
  • A security review is performed to ensure the module does not affect SSP security or privacy
  • The SSP module is published publicly and picked up by a maintainer



Sustainability

  • The source code and interface documentation will be published publicly on GitHub
  • The module will be provided to the SSP developers or a related project for maintenance

Activity Results

Results

Meetings

Date | Activity | Owner | Minutes
01.06.21 | Public demo | Niels van Dijk |
21.09.21 | Final demo | Niels van Dijk |
January 1, 2017 | Kickoff meeting | |

Documents

Attachments