Introduction
This pilot aims to showcase how the SP-IdP proxy architecture (see also AARC Blueprint Architecture) can be utilised by a library consortium to reduce the number of interactions between IdPs and SPs, from both a technical and a trust point of view, while preserving the privacy of users.
Detailed description
A detailed description of the aim and approach of this pilot and how it maps to the AARC Blueprint Architecture is available here.
Demonstration portal
For the purpose of this pilot, we have enabled federated access to a Demo Library Service Provider.
Workflow
1. Access the Demo Library Service Provider Portal at https://lib-sp1.pilots.aarc-project.eu
2. Click "Connect" and select your Identity Provider from the discovery page (WAYF). You may select any of the following options:
3. Enter your login credentials to authenticate yourself with the IdP of your Home Organisation.
4. After successful authentication, you may be prompted by your Home Organisation to consent to the release of personal information to the AARC/HEAL-Link libraries pilot service provider proxy.
5. On the HEAL-Link AAI "Consent about releasing personal information" page, click "Yes, continue" to consent to the release of personal information to the HEAL-Link Test library Service Provider. If you select the "Remember" option, your browser will remember your choice unless you clear your cookies or restart the browser.
6. Once redirected to the Portal, you will be presented with the attributes released by your Home Organisation. An appropriate information message indicates whether access is allowed or not. This is determined based on the value of the eduPersonEntitlement attribute.
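The access decision in step 6, as an added example that is not the pilot's own code: a Python check of the eduPersonEntitlement values a Shibboleth SP hands to the protected application. Assumptions: the required value `urn:mace:dir:entitlement:common-lib-terms` (the page does not name one), the variable name `entitlement` (the id used in Shibboleth's default attribute-map.xml), and a WSGI-style `environ` dict.

```python
import re

# Assumption: the page does not state the required value; common-lib-terms is
# the entitlement commonly used for access to licensed library resources.
REQUIRED_ENTITLEMENT = "urn:mace:dir:entitlement:common-lib-terms"

# Assumption: attribute id from Shibboleth's default attribute-map.xml.
ENTITLEMENT_VAR = "entitlement"


def split_shib_values(raw):
    """Split a Shibboleth SP multi-valued attribute string into its values.

    The SP joins values with ';' and escapes a literal ';' inside a value
    as '\\;', so a plain str.split(';') would cut such a value in two.
    """
    if not raw:
        return []
    parts = re.split(r"(?<!\\);", raw)  # split only on unescaped ';'
    return [p.replace("\\;", ";") for p in parts if p]


def access_allowed(environ, required=REQUIRED_ENTITLEMENT):
    """Return True only if one released value equals the required entitlement."""
    values = split_shib_values(environ.get(ENTITLEMENT_VAR, ""))
    # Exact comparison per value: a substring test on the raw string would
    # also accept look-alike values such as '<required>-trial'.
    return required in values


# Constructed sample requests (not captured from the pilot).
SAMPLES = {
    "member": {"entitlement": "urn:mace:example.org:staff;" + REQUIRED_ENTITLEMENT},
    "lookalike": {"entitlement": REQUIRED_ENTITLEMENT + "-trial"},
    "escaped": {"entitlement": "urn:example:a\\;b;" + REQUIRED_ENTITLEMENT},
    "none_released": {},
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(name, "->", "allowed" if access_allowed(env) else "denied")
```
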
Components
- SimpleSAMLphp (version 1.14 incorporating PR #344: Add Greek support)
- Memcached (version 1.4.21)
- Shibboleth (Service Provider version 2.5.3 for the Demo Portal)