Single Sign-on (Shibboleth)

Available to: Students (yes), Employees (yes), Faculties (yes), Stud. Unions (yes)

Kiel University's participation in the DFN-AAI (Authentication and Authorization Infrastructure in the German Research Network) enables all members of Kiel University to enter the 'single sign-on' world of federated web services. The technical prerequisites (Shibboleth) for Kiel University internal use have been created. Web-based applications of other universities, as well as of commercial and non-commercial partners, can also be used across the board. DFN-AAI "creates the necessary relationship of trust as well as an organizational and technical framework for the exchange of user information" (https://www.aai.dfn.de/en/).

Functionality

Shibboleth ensures a secure and transparent procedure for the use of protected web resources:

SSO-Flow

1: A person visits a protected web resource (service provider) via a web browser and is asked for their home organisation.
2: The service provider forwards the person to the identity provider of their home organisation.
3: After successful registration and approval of the person, the defined attributes are transmitted to the service provider.
4: If the transmitted attributes meet the limitations of the service provider, the person gets access to the protected web resource.

Which attributes are transferred?

The basic rule is: As few as possible! Many service providers do not expect any personal attributes at all. In any case, the attributes to be transferred are displayed, and no attributes are transferred without the person's consent.

Complete list of all attributes with their explanations: Shibboleth attributes
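
Steps 3 and 4 of the flow, together with the "as few as possible" and consent rules above, can be sketched as follows. This is an added example, not Kiel University's or Shibboleth's own code or configuration; the entity IDs, the release policy, the user record and the choice of eduPersonScopedAffiliation as the checked attribute are assumptions constructed for illustration.

```python
# Added example: steps 3 and 4 of the flow. Entity IDs, attribute values
# and policies are constructed; eduPersonScopedAffiliation is assumed.

# IdP-side release policy per service provider (data minimisation):
# only attributes a service actually needs are listed.
RELEASE_POLICY = {
    "https://sp.example.org/shibboleth": {"eduPersonScopedAffiliation"},
    "https://anon-sp.example.org/shibboleth": set(),  # no personal attributes
}

# Constructed record of a person who has just logged in at the IdP.
USER = {
    "eduPersonScopedAffiliation": ["member@example.edu", "student@example.edu"],
    "mail": ["jane.doe@example.edu"],
    "displayName": ["Jane Doe"],
}


def release_attributes(sp_entity_id, user, consented):
    """Step 3: attributes the IdP sends to this SP.

    An attribute is sent only if the SP's policy lists it AND the person
    consented to it. Unknown SPs receive nothing.
    """
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    return {
        name: list(values)
        for name, values in user.items()
        if name in allowed and name in consented
    }


def sp_grants_access(assertion, required):
    """Step 4: every required attribute must carry an accepted value."""
    return all(
        set(assertion.get(name, [])) & accepted
        for name, accepted in required.items()
    )


if __name__ == "__main__":
    sp = "https://sp.example.org/shibboleth"
    rule = {"eduPersonScopedAffiliation": {"member@example.edu"}}
    sent = release_attributes(sp, USER, consented=set(USER))
    print(sent, sp_grants_access(sent, rule))
    withheld = release_attributes(sp, USER, consented=set())
    print(withheld, sp_grants_access(withheld, rule))
```

Even with consent given for every attribute, mail and displayName never leave the identity provider here, because the service provider's policy does not list them.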

Test access

For example, every valid CIM identifier has access to the DFN Scheduler 4.1.

The login is carried out with the personal identification and the password set for the service 'CAU-Identitaetsprovider (CAUIDP)'. The personal identification can be found in the service portal of the CAU Identity Management (CIM), and the password can be changed in the CIM. To the CIM Service Portal

Guests and partners

For employees of affiliated institutions and external cooperation partners, the existing procedures of the user administration of the computing centre remain unchanged. However, for this group of persons the prerequisites for a 'single sign-on' to federated services must be created by the person's own home organisation.

Contact: idmadmin@rz.uni-kiel.de

Responsible

This list of responsible service supervisors is generated automatically.