Comment: replaced old support email with support@aai.lifescience-ri.eu

...

  1. Follow below instruction to prepare your service
  2. Send an email to support@lifescienceid.org containingto support@aai.lifescience-ri.eu containing:
    1. Name of the service
    2. Link to SAML2 metadata or OIDC clientID
    3. Contact email
  3. You will receive confirmation when the service will be technically integrated
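
Review bot: step 2 swaps support@lifescienceid.org for support@aai.lifescience-ri.eu without saying what happens to mail sent to the old mailbox, while the rest of the page still uses lifescienceid.org as the identifier scope and in URLs. Add one sentence stating that only the support contact moved, and whether registration requests sent to the old address are still handled, so that readers of older copies do not send SAML2 metadata links or OIDC client IDs to an unattended address.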

...

You can get the metadata of the LifeScience IdP on a dedicated URL that depends on the integration environment being used:

Metadata considerations

Metadata provided by your SP should contain a descriptive name of the service that your SP represents, in at least English. It is recommended to also provide the name in other languages that are commonly used in the geographic scope of the deployment. The name should be placed in the <md:ServiceName> element inside the <md:AttributeConsumingService> container.

...

The LifeScience IdP is guaranteed to release a minimal subset of the REFEDS Research & Scholarship attribute bundle to connected Service Providers. A more extensive list of all the attributes that may be made available to Service Providers is included in the following table:

| Attribute Description | Attribute Friendly Name | Attribute OID | Attribute Example Value |
|---|---|---|---|
| Life Science unique ID; this is a persistent, non-reassigned, non-targeted identifier, which is always scoped @lifescienceid.org | eduPersonUniqueId | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | ef72285491ffe53c39b75bdcef46689f5d26ddfa00312365cc4fb5ce97e9ca87@lifescienceid.org |
| Life Science username; this is a user-selected, human-readable, revocable identifier | TBD | TBD | jdoe@lifescienceid.org |
| Email address | mail | urn:oid:0.9.2342.19200300.100.1.3 | john.doe@example.org |
| Display name | displayName | urn:oid:2.16.840.1.113730.3.1.241 | John Doe |
| First name | givenName | urn:oid:2.5.4.42 | John |
| Family name | sn | urn:oid:2.5.4.4 | Doe |
| Assurance information | eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | TBD |
| Affiliation within research infrastructure | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | affiliate@lifescienceid.org |
| Affiliation within Home Organisation | voPersonExternalAffiliation | https://welcome.lifescienceid.org/attribute-definition/voPersonExternalAffiliation/v1 (only released in pilot environment) | member@example.org |
| Entitlement(s): One or more URIs (either URNs or URLs) that indicate rights to specific resources; URN values expressing group membership and role information use the urn:geant:lifescienceid.org:group namespace (see also AARC-G002) | eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | urn:geant:lifescienceid.org:group:examplegroup#perun.pilots.lifescienceid.org<br>urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup#perun.pilots.lifescienceid.org<br>urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup:role=manager#perun.pilots.lifescienceid.org |
| One or more ORCID researcher identifiers | eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | http://orcid.org/0000-0002-1825-0097 |
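
An added example (not part of the original page and not LS AAI's own code): a strict Service Provider-side parser for the eduPersonEntitlement group values listed above, with the value layout read off those example values. The trusted-authority set and all function and type names are assumptions made for the illustration.

```python
from typing import NamedTuple, Optional, Tuple

NAMESPACE = "urn:geant:lifescienceid.org:group:"  # namespace stated on the page
# Assumption: the authorities this SP accepts (both hostnames occur in the page's examples).
TRUSTED_AUTHORITIES = {"perun.lifescienceid.org", "perun.pilots.lifescienceid.org"}

class GroupEntitlement(NamedTuple):
    groups: Tuple[str, ...]   # group path, e.g. ("examplegroup", "examplesubgroup")
    role: Optional[str]       # e.g. "manager", or None when no role is given
    authority: str            # issuing authority after '#'

def parse_entitlement(value: str) -> Optional[GroupEntitlement]:
    """Parse one value; return None if it must not be used for authorization."""
    if not value.startswith(NAMESPACE):
        return None
    body, sep, authority = value[len(NAMESPACE):].partition("#")
    if not sep or authority not in TRUSTED_AUTHORITIES:
        return None
    parts = body.split(":")
    role = None
    if parts[-1].startswith("role="):
        role = parts.pop()[len("role="):]
        if not role:
            return None
    if not parts or any(p == "" or "=" in p for p in parts):
        return None
    return GroupEntitlement(tuple(parts), role, authority)

def has_entitlement(values, group_path, role=None) -> bool:
    """True only on an exact match of the whole group path and role."""
    wanted = tuple(group_path)
    return any(e is not None and e.groups == wanted and e.role == role
               for e in map(parse_entitlement, values))

# Constructed sample: the page's three example values plus three that must be rejected.
SAMPLE = [
    "urn:geant:lifescienceid.org:group:examplegroup#perun.pilots.lifescienceid.org",
    "urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup#perun.pilots.lifescienceid.org",
    "urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup:role=manager#perun.pilots.lifescienceid.org",
    "urn:geant:lifescienceid.org:group:examplegroup:role=manager#idp.example.org",  # untrusted authority
    "urn:geant:example.org:group:examplegroup#perun.pilots.lifescienceid.org",      # foreign namespace
    "urn:geant:lifescienceid.org:group:examplegroup",                               # no authority
]

if __name__ == "__main__":
    for v in SAMPLE:
        print(parse_entitlement(v), "<-", v)
```

Matching on the parsed tuple rather than on a substring of the raw URN keeps a value for one group from satisfying a check for a similarly named group, and a role asserted by an authority outside the trusted set is ignored.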


Services using OpenID Connect (OIDC) protocol

...

A scope in the LS-AAI defines which claims or user attributes the OIDC client can access. The following three standard scopes, with their corresponding claims, are provided:

| Scope | Claim (User Attribute Name) | Attribute Example Value |
|---|---|---|
| openid | sub | f99bba1f6384c659ecfdba26552f5ad5fabc2741@lifescienceid.org |
| profile | cn<br>cemailgivenNamesneduPersonUniqueId<br>email<br>given_name<br>family_name | Isaac Newton<br>isaacnewton@university-example.org<br>Isaac<br>Newton |
| email | email | isaacnewton@university-example.org |
| refeds_edu (TBD) | eduperson_unique_id<br>eduperson_entitlement<br>eduperson_scoped_affiliation<br>eduperson_assurance | f99bba1f6384c659ecfdba26552f5ad5fabc2741@lifescienceid.org<br>urn:geant:lifescienceid.org:group:lifescience-test:members#perun.lifescienceid.org<br>affiliate@lifescienceid.org<br>urn:geant:lifescienceid.org:assurance:rs-sirtfi |


Self Service Home Page

The following endpoint can be used to change the password, the OIDC redirect/callback URIs and the SP URL attribute:

...