AAI

From EGIWiki
Jump to: navigation, search
Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Tools menu: Main page Instructions for developers Accounting Repository AppDB GGUS Message brokers ARGO Operations Portal GOCDB
AAI Proxy Metric Portal Licenses OTAGs Accounting Portal e-GRANT Perun Gstat LToS


Contents


The EGI CheckIn service (also called EGI AAI proxy) enables access to EGI services and resources using federated authentication mechanisms. Specifically, the proxy service is operated as a central hub between federated Identity Providers (IdPs) residing ‘outside’ of the EGI ecosystem, and Service Providers (SPs) that are part of EGI. The main advantage of this design principle is that all entities need to establish and maintain technical and trust relation only to a single entity, the EGI AAI proxy, instead of managing many-to-many relationships. In this context, the proxy acts as a Service Provider towards the Identity Providers and as an Identity Provider towards the Service Providers.

Through the EGI AAI proxy, users are able to authenticate with the credentials provided by the IdP of their Home Organisation (e.g. via eduGAIN), as well as using social identity providers, or other selected external identity providers (support for eGOV IDs is also foreseen). To achieve this, the EGI AAI has built-in support for SAML, OpenID Connect and OAuth2 providers and already enables user logins through Facebook, Google, LinkedIn, and ORCID. In addition to serving as an authentication proxy, the EGI AAI provides a central Discovery Service (Where Are You From – WAYF) for users to select their preferred IdP.

The EGI AAI proxy is also responsible for aggregating user attributes originating from various authoritative sources (IdPs and attribute provider services) and delivering them to the connected EGI service providers in a harmonised and transparent way. Service Providers can use the received attributes for authorisation purposes, i.e. determining the resources the user has access to.

Tool name EGI AAI Checkin Service
Tool Category and description EGI Core service

Provides Authentication and Authorisation capabilities enabling user-friendly and secure access to EGI services

Tool url https://aai.egi.eu/oidc/
Email egi-aai-checkin@lists.grnet.gr
GGUS Support unit N/A
GOC DB entry N/A
Requirements tracking - EGI tracker N/A
Issue tracking - Developers tracker N/A
Release schedule https://wiki.egi.eu/wiki/EGI-Engage:TASK_JRA1.1_Authentication_and_Authorisation_Infrastructure#Development_Roadmap
Release notes Ν/Α
Roadmap https://wiki.egi.eu/wiki/EGI-Engage:TASK_JRA1.1_Authentication_and_Authorisation_Infrastructure
Related OLA N/A
Test instance url https://aai-dev.egi.eu/oidc/
Documentation https://wiki.egi.eu/wiki/AAI#Documentation
License Apache License 2.0
Provider GRNET
Source code https://github.com/rciam


Change, Release and Deployment

TBD


Documentation

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox
Print/export