The AARC team has piloted existing AAI solutions to assess whether they meet the functional and technical integration requirements of research communities and e-infrastructures. Where possible, the components were improved with additional features as needed.
Our goal is to improve the usability and the visibility of useful AAI solutions and components. To do this, they are described according to a standard template that includes the aim of the pilot, the software sources used, a functional flow and where possible a live demo. (All links lead to the AARC wiki.)
Solutions to expand the reach of federated access
Libraries Consortium Proxies
The SP-IdP proxy architecture can be used by a library consortium to reduce the number of interactions between identity providers and service providers from both a technical and trust point of view, while preserving the privacy of users.
Linking persistent IDs
Leveraging COmanage allows researchers to link their ORCID identity to institutional accounts, and to write ORCID to LDAP for use in collaboration services.
Libraries EZproxy access mode switch pilot
EZproxy can act as a switch from IP based proxy to access non-federated resources to SAML SSO redirect proxy, to entitle users to federated online resources if they own SAML2-IDP provided credentials.
Libraries walk-in-user pilot
Provide access to library resources for users without federated identities via a kiosk.
External identity provider pilot
Support researchers who are not affiliated with traditional home organisations, as well as those whose identity providers are not part of any of the eduGAIN federations.
Testing technical and policy components
BBMRI AAI Pilot
Manage group membership attributes or other attributes from multiple sources, which can be used in a federated environment to regulate access to BBMRI services.
Perun VOMS CILogon Pilot
Enable certificate-based access to Elixir and EGI services with VOMS and RCAuth.eu.
IGTF to eduGAIN proxy
Re-use existing issued certificates in order to access services published to eduGAIN.
Enables access to X.509-based resources via federated login and without the need for users to understand the intricacies of a Public Key Infrastructure: RCAuth.eu
COmanage SSH pilot
Enable a researcher to enrol a collaborative organisation and to upload an SSH public key for access to non-web resources with COmanage.
Manage credentials for services that do not natively support OpenID Connect by using the WaTTS token translation service.
Use OIDC to generate a session where an RCauth Certificate is stored in WaTTS.
LDAP Facade CLI pilot
Provide access to non-web resources via SAML and PAM with LDAPfacade.
Cross infrastructure pilots
Enabling federated access to third party services
Seafile with SAML federation pilot
Enable federated access and IdP selection to get access to the Seafile file sync and share service.
Collabora & NextCloud Demos
Explore federated access to the NextCloud web-based document management service and the Collabora Online office suite.