|Main||EGI.eu operations services||Support||Documentation||Tools||Activities||Performance||Technology||Catch-all Services||Resource Allocation||Security|
Coordinator: Peter Solagna/EGI.eu
This wiki page contains the information about a proof of concept to enable SAML credentials on EGI services. This task is a joint activity between SURFnet and EGI.
The goal of this activity is to use federated identity credentials, specifically SAML ones, directly in the services without using any X509 credential to bridge to EGI services. The main objective is to demonstrate that user communities can manage independently user membership and user authorization on the services in a coordinated way, with a similar workflow as it is done now with the VOMS services. The goal of this activity is not to deploy production services, but to test the technical feasibility of the integration of SAML technology in the EGI services, maintaining the features that user need to manage their communities in a distributed infrastructure.
The working group will test the technical services from October to December 2013. At the end of this period a short report with the outcomes and the technical suggestions will be prepared and potentially attached to the EGI-InSPIRE deliverables.
- Connect cloud services to the SURFnet OpenConext service to retrieve SAML assertions containing user identities and attributes that describe the user capabilities.
- Cloud stacks to be integrated:
- Connect attribute providers to OpenConext
- Test the feasibility of solutions not including the aggregator (OpenConext)
Currently the following sites are participating to the proof of concept:
Identity providers, and attribute providers:
- SURFnet, OpenConext
How to Join
Summary of the technical information gathered by the working group.
Metadata of service providers and identity providers
|Service provider||Cloud stack||Link to metadata||Endpoint to the cloud service GUI|
|IdP||Protocol||Link to metadata|
|EGI SSO||Shibboleth IdP 2.3.8||https://www.egi.eu/idp/shibboleth|