...
Following discussions within the LSC it was decided that the pilot will deploy SATOSA and pyFF to create a SAML proxy between the eduGAIN institutional identity providers and the LSC's service providers. This would allow LSC and Virgo members to use their institutional credentials to access LSC resources directly. Institutional identies would be mapped to a user's albert.einstein identity via an internal account linking, and LIGO specific information; in particular group and identity information would be used to annotate the account. SATOSA will act as the central SAML Proxy of the project, while pyFF will be used to aggregate SAML metadata from Edugain and the LSC, and also provide the discovery service interface.
Components
- SAML Proxy: SATOSA
- Metadata Aggregator: PyFF
- Discovery Service: PyFF
- Account Linking: COManage
...
Architecture
SATOSA
PyFF Discovery Service
...