...
Social Identities need to be linked to eduGAIN federated ones; Subsequently, they need to be enriched with Attributes entitling users to be authorized to SAML Service Providers.
Possible functional Functional components:
1) OAuth2/OIDC Identity Provider providing Claims ( Is TEIP from GN4 an option at this stage)
...
5) eduGAIN SP to check AuthN/AuthZ against: Openstack Keystone configured as SAML SP ( Federated Keystone )
HANDS ON FOR INTERESTED USERS TO TRY OUT: SocialIDCockpitPanel External identity provider pilot