Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "AAI"

From EGIWiki
Jump to navigation Jump to search
m
(Archive content)
Tag: Replaced
 
(27 intermediate revisions by 11 users not shown)
Line 1: Line 1:
{{Template:Op menubar}} {{Template:Tools menubar}} {{TOC_right}}
{| style="border:1px solid black; background-color:lightgrey; color: black; padding:5px; font-size:140%; width: 90%; margin: auto;"
 
| style="padding-right: 15px; padding-left: 15px;" |  
The EGI AAI proxy enables access to EGI services and resources using
|[[File:Alert.png]] This page is '''Deprecated'''; the content has been moved to https://docs.egi.eu/providers/check-in/ and to https://docs.egi.eu/users/aai/check-in/
federated authentication mechanisms. Specifically, the proxy service is
operated as a central hub between federated Identity Providers (IdPs) residing
‘outside’ of the EGI ecosystem, and Service Providers (SPs) that are
part of EGI. The main advantage of this design principle is that all entities
need to establish and maintain technical and trust relation only to a single
entity, the EGI AAI proxy, instead of managing many-to-many relationships. In this context, the proxy
acts as a Service Provider towards the Identity Providers and as an Identity
Provider towards the Service Providers.
 
Through the EGI AAI proxy, users are able to
authenticate with the credentials provided by the IdP of their Home
Organisation (e.g. via eduGAIN), as well as using social identity providers, or other selected external identity providers (support for eGOV IDs is also foreseen). To achieve this, the EGI
AAI has built-in support for SAML, OpenID Connect and OAuth2 providers and
already enables user logins through Facebook, Google, LinkedIn, and ORCID. In
addition to serving as an authentication proxy, the EGI AAI provides a central
Discovery Service (Where Are You From – WAYF) for users to select their
preferred IdP.
 
The EGI AAI proxy is
also responsible for aggregating user attributes originating from various
authoritative sources (IdPs and attribute provider services) and delivering
them to the connected EGI service providers in a harmonised and transparent way.
Service Providers can use the received attributes for authorisation purposes,
i.e. determining the resources the user has access to.
{| class="wikitable"
|-
| '''Tool name'''  
| ''EGI AAI''
|-
| '''Tool Category and description'''
| ''EGI Core service''
Provides Authentication and Authorisation capabilities enabling user-friendly and secure access to EGI services
 
|-
| '''Tool url'''
| https://aai.egi.eu/proxy/<br>
|-
| '''Email'''
| <br>
|-
| '''GGUS Support unit'''
| <br>
|-
| '''GOC&nbsp;DB&nbsp;entry'''
| <br>
|-
| '''Requirements tracking - EGI tracker'''
| <br>
|-
| '''Issue tracking - Developers tracker'''
| <br>
|-
| '''Release schedule'''
| <br>
|-
| '''Release notes'''
| <br>
|-
| '''Roadmap'''
| <br>
|-
| '''Related OLA'''
| ''N/A''
|-
| '''Test instance url'''
| https://snf-689289.vm.okeanos.grnet.gr/proxy/<br>
|-
| '''Documentation'''
| https://wiki.egi.eu/AAI
|-
| '''License'''
| Apache License 2.0
|-
| '''Provider'''
| GRNET
|-
| '''Source code'''
| https://github.com/grnet/egaai-ansible
|}
|}
<br>
= Change, Release and Deployment  =
TBD
= Documentation  =
*[[ AAI_guide_for_IdPs | AAI integration guide for Identity Providers ]]
*[[ AAI_guide_for_SPs | AAI integration guide for Service Providers ]]
[[Category:Tools]]

Latest revision as of 14:37, 15 February 2023

Alert.png This page is Deprecated; the content has been moved to https://docs.egi.eu/providers/check-in/ and to https://docs.egi.eu/users/aai/check-in/