...
- Follow below instruction to prepare your service
- Send an email to support@lifescienceid.org containingto support@aai.lifescience-ri.eu containing:
- Name of the service
- Link to SAML2 metadata or OIDC clientID
- Contact email
- You will receive confirmation when the service will be technically integrated
...
You can get the metadata of the LifeScience IdP on a dedicated URL that depends on the integration environment being used:
| Development environment | Production environment |
|---|---|
| https://saml.pilot.lifescienceid.org/proxy/saml2/idp/metadata.php | https://saml.lifescienceid.org/proxy/saml2/idp/metadata.php |
Metadata considerations
Metadata provided by your SP should contain a descriptive name of the service that your SP represents in at least English. It is recommended to also provide the name in other languages which are commonly used in the geographic scope of the deployment. The name should be placed in the <md:ServiceName> in the <md:AttributeConsumingService> container.
...
The LifeScience IdP is guaranteed to release a minimal subset of the REFEDS Research & Scholarship attribute bundle to connected Service Providers. A more extensive list of all the attributes that may be made available to Service Providers is included in the following table:
| Attribute Description | Attribute Friendly Name | Attribute OID | Attribute Example Value |
|---|---|---|---|
Life Science unique ID; this is a persistent, non-reassigned, non-targeted identifier, which is always scoped @lifescienceid.org | eduPersonUniqueId | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 |
|
| Life Science username; this is is a user-selected, human-readable, revocable identifier | TBD | TBD |
|
| Email address | mail | urn:oid:0.9.2342.19200300.100.1.3 | john.doe@example.org |
| Display name | displayName | urn:oid:2.16.840.1.113730.3.1.241 | John Doe |
| First name | givenName | urn:oid:2.5.4.42 | John |
| Family name | sn | urn:oid:2.5.4.4 | Doe |
| Assurance information | eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | TBD |
| Affiliation within research infrastructure | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | affiliate@lifescienceid.org |
| Affiliation within Home Organisation | voPersonExternalAffiliation | https://welcome.lifescienceid.org/attribute-definition/voPersonExternalAffiliation/v1 (only released in pilot environment) | member@example.org |
Entitilement(s): One or more URIs (either URNs or URLs) that indicate rights to specific resources; URN values expressing group membership and role information use the urn:geant:lifescienceid.org:group namespace (see also AARC-G002) | eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
|
| One or more ORCID researcher identifiers | eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | http://orcid.org/0000-0002-1825-0097 |
Services using OpenID Connect (OIDC) protocol
...
Scope in the LS-AAI defines what claims or user attributes the OIDC client can access. Following three standard scopes with corresponding claims are provided:
| Scope | Claim (User Attribute Name) | Attribute Example Value | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| openid | sub | f99bba1f6384c659ecfdba26552f5ad5fabc2741@lifescienceid.org | ||||||||
| profile |
|
| ||||||||
| isaacnewton@university-example.org | ||||||||||
| refeds_edu |
|
|
Self Service Home Page
Following endpoint can be used to change password, OIDC redirect/callback URIs and SP url attribute:
...