Integrating a custom-requested Identity Provider

Access to the LS Login sometimes requires that the user has a confirmed affiliation with a home organisation (e.g. a university, research institution or private company). The preferred way for the LS to learn the affiliation is for the user to log into the LS Login with their home organisation credentials, and for the home organisation to programmatically release an attribute describing the affiliation (for instance, an assertion that they are a researcher at the university) to the LS Login.

For technical and other reasons, not all home organisations support this. A standardised procedure has been developed for integrating a custom-requested Identity Provider. The flow can be initiated by a user of the Identity Provider, by its operator, or by the Life Science AAI operators. The procedure can be briefly summarised in the following steps:

  1. Contact between the Life Science AAI team and the Identity Provider operator is established. A user/operator of the Identity Provider contacts the Life Science AAI support team via email at support(at)aai.lifescience-ri.eu and requests that the Identity Provider be added.
  2. The Identity Provider sets up the Life Science AAI as a service consuming authentication on the side of the Identity Provider. This part is done by the requesting entity (SAML metadata link).
  3. Life Science AAI operators set up the requested Identity Provider on the side of Life Science AAI as one of the login alternatives.
  4. The Identity Provider user/operator demonstrates that the integration works by logging into an attribute conformance check service (link) operated by the Life Science AAI using the integrated Identity Provider.
