
Registration procedure

  1. Follow the instructions below to prepare your service
  2. Send an email to support@lifescienceid.org containing:
    1. Name of the service
    2. Link to the SAML2 metadata or the OIDC client ID
    3. Contact email
  3. You will receive a confirmation once the service has been technically integrated

Services using SAML2 protocol

Metadata registration

SAML authentication relies on the use of metadata. Both parties (you as an SP and the LifeScience IdP) need to exchange metadata in order to know and trust each other. The metadata include information such as the location of the service endpoints that need to be invoked, as well as the certificates that will be used to sign SAML messages. The exchanged metadata must follow the XML-based SAML 2.0 metadata specification. Usually you will not need to create such an XML document by hand, as all major SAML 2.0 SP software solutions (e.g., Shibboleth, SimpleSAMLphp, and mod_auth_mellon) generate it automatically. It is important that you serve your metadata over HTTPS using a browser-friendly TLS certificate, i.e. one issued by a trusted certificate authority, so that the IdP operators can fetch and verify it.

...

Attribute Description | Attribute Friendly Name | Attribute OID | Attribute Example Value
Life Science unique ID; this is a persistent, non-reassigned, non-targeted identifier, which is always scoped @lifescienceid.org | eduPersonUniqueId | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | ef72285491ffe53c39b75bdcef46689f5d26ddfa00312365cc4fb5ce97e9ca87@lifescienceid.org
Life Science username; this is a user-selected, human-readable, revocable identifier | TBD | TBD | jdoe@lifescienceid.org
Email address | mail | urn:oid:0.9.2342.19200300.100.1.3 | john.doe@example.org
Display name | displayName | urn:oid:2.16.840.1.113730.3.1.241 | John Doe
First name | givenName | urn:oid:2.5.4.42 | John
Family name | sn | urn:oid:2.5.4.4 | Doe
Assurance information | eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | TBD
Affiliation within research infrastructure | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | affiliate@lifescienceid.org
Affiliation within Home Organisation | voPersonExternalAffiliation | https://welcome.lifescienceid.org/attribute-definition/voPersonExternalAffiliation/v1 (only released in pilot environment) | member@example.org
Entitlement(s): One or more URIs (either URNs or URLs) that indicate rights to specific resources; URN values expressing group membership and role information use the urn:geant:lifescienceid.org:group namespace (see also AARC-G002) | eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | urn:geant:lifescienceid.org:group:examplegroup#perun.pilots.lifescienceid.org ; urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup#perun.pilots.lifescienceid.org ; urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup:role=manager#perun.pilots.lifescienceid.org
One or more ORCID researcher identifiers | eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | http://orcid.org/0000-0002-1825-0097
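An SP that uses eduPersonEntitlement for authorisation has to parse the group URNs and accept only those from the expected namespace and group authority. The following is an added example, not code from this page or from the LS-AAI software: it follows the structure of the three example values in the table (group path, optional role=<role> suffix, authority after #); the namespace, the perun.pilots.lifescienceid.org authority and the sample values come from the page, while the function names and the exact-match policy are assumptions of this example.

```python
"""Parse and check eduPersonEntitlement group URNs released by the LifeScience IdP."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Structure taken from the three example values on this page (AARC-G002 style):
#   urn:geant:lifescienceid.org:group:<group>[:<subgroup>...][:role=<role>]#<authority>
NAMESPACE = "urn:geant:lifescienceid.org:group"
TRUSTED_AUTHORITY = "perun.pilots.lifescienceid.org"  # authority shown in the page's examples
_ENTITLEMENT_RE = re.compile(
    r"^urn:geant:lifescienceid\.org:group:(?P<path>[^#]+?)"
    r"(?::role=(?P<role>[^:#]+))?#(?P<authority>[^#]+)$"
)

# The page's own example values, used here as constructed input for the checks below.
SAMPLE_ENTITLEMENTS = [
    "urn:geant:lifescienceid.org:group:examplegroup#perun.pilots.lifescienceid.org",
    "urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup#perun.pilots.lifescienceid.org",
    "urn:geant:lifescienceid.org:group:examplegroup:examplesubgroup:role=manager#perun.pilots.lifescienceid.org",
]


@dataclass(frozen=True)
class GroupEntitlement:
    group_path: tuple   # e.g. ("examplegroup", "examplesubgroup")
    role: Optional[str]  # e.g. "manager", or None when no role is asserted
    authority: str       # the part after '#', i.e. who asserts this membership


def parse_entitlement(value: str) -> Optional[GroupEntitlement]:
    """Return the parsed entitlement, or None for anything outside the expected namespace
    or not well-formed (missing authority, empty path component, stray role= segment)."""
    m = _ENTITLEMENT_RE.match(value)
    if not m:
        return None
    path = tuple(m.group("path").split(":"))
    if any(p == "" or p.startswith("role=") for p in path):
        return None
    return GroupEntitlement(path, m.group("role"), m.group("authority"))


def has_group_access(entitlements: Iterable[str], required_group: str,
                     required_role: Optional[str] = None,
                     authority: str = TRUSTED_AUTHORITY) -> bool:
    """True if some entitlement names exactly required_group (e.g. "examplegroup:examplesubgroup"),
    comes from the trusted authority and, when required_role is given, carries that role.
    Values that fail to parse are ignored rather than trusted. Membership in a subgroup is
    deliberately not treated as membership in its parent group."""
    wanted = tuple(required_group.split(":"))
    for value in entitlements:
        ent = parse_entitlement(value)
        if ent is None or ent.authority != authority or ent.group_path != wanted:
            continue
        if required_role is None or ent.role == required_role:
            return True
    return False
```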


Services using OpenID Connect (OIDC) protocol

OIDC Client Registration

The LifeScience Authentication and Authorisation Infrastructure (LS-AAI) supports OpenID Connect (OIDC) based clients or service providers from the Life Science community. These providers are web applications, like SAML SPs. For the integration, the clients must be registered with the OIDC authorisation server provided by the LS-AAI. The operators of the clients are required to provide OIDC client credentials (client ID and secret) and a redirect or callback URI for the registration to succeed.

...