New edu-ID Identity Model for OpenID Connect (RFC)

The future belongs to OpenID Connect. More and more services drift away from using SAML as authentication protocol since it is not actively developed anymore and lacks support for use cases like mobile or single-page applications or OAuth 2.0. As you probably know, the Switch edu-ID has already been providing support for OpenID Connect (or short OIDC) for several years. Services can already use OIDC in order to authenticate users with the edu-ID and get the required information about them to provide a good and seamless user experience, just like for SAML. However, you might also have noticed that the edu-ID OIDC support does not yet cover all capabilities which are covered by SAML.

Continue reading “New edu-ID Identity Model for OpenID Connect (RFC)”

The new semester has started

In the past week, the fall semester 2025 started! Many institutions have welcomed new students and the rooms are again full of people, full of life. For those starting their studies, it is a time of change, where they develop new habits, possibly move into a new apartment, and most importantly start learning more deeply about their field of interest.

Continue reading “The new semester has started”

Load Testing the edu-ID IdP

On a Monday morning, at the start of the fall semester 2024, many students were unable to log into their edu-ID account. A nightmare for students, IT administrators – and also the edu-ID team who was working actively to fix the issue as soon as possible.

What was the cause of this incident? A retrospective analysis found that the issue was a missing index in a database table. Really, a missing index? Why did we not detect this earlier, even though this problematic table had been in use for several months without any problem? It turns out, we load tested the new MFA API when launching it, but it seems that it wasn’t with a sufficiently large and diverse dataset. Therefore, it was only at semester start that such a high load made the problem apparent.

Continue reading “Load Testing the edu-ID IdP”

Two new identifier attributes: subject-id and pairwise-id

The new identifier attributes gain more and more traction in the SAML-based identity federations. Find out what issues they address, what characteristics they have and who can use them in which scenarios.

Continue reading “Two new identifier attributes: subject-id and pairwise-id”

Hacking for Good

In July this year the edu-ID account management was reimplemented almost from scratch. Not only did the design change but so did much of the technology behind it, including the programming framework. Because we take security and data privacy very seriously, we asked our colleagues from the Switch security team to do a preliminary penetration test before the launch. This first penetration test provided us with the confidence to release the new account management into the wild. But to be doubly sure, we decided to run also a second penetration test after launch with an external company. And so we did.

Continue reading “Hacking for Good”

Enforcing multi-factor authentication for university members

Until now, either a service in the edu-ID federation could protect the login process with multi-factor authentication (MFA) or an edu-ID user herself. Now edu-ID also allows universities to define rules for all their users that enforce the use of MFA.

Continue reading “Enforcing multi-factor authentication for university members”

The Swiss E-ID, the European Union’s eID – and the link to Switch edu-ID and eduGAIN

The E-ID of Switzerland is currently being shaped and formed with interested parties contributing to this process on the community platform of the Swiss federal authorities. As research and education are border-less Switch took a stand to point out the importance of the E-ID to stay in line with international developments. Particularly relevant is the emerging eID of the EU and the Trust Services of EBSI (European Blockchain Services Infrastructure) as a potential trust pillar underpinning it.

But where does our identity solution Switch edu-ID together with its international extension eduGAIN of GÉANT fit into this picture, if at all? Continue reading “The Swiss E-ID, the European Union’s eID – and the link to Switch edu-ID and eduGAIN”

Switch edu-ID launches Passwordless Login with Passkeys

We all know the problem well enough: using passwords is tedious and insecure. With Passkey, however, an alternative has been created with which Internet users can not only log in more easily, but also more securely. Switch is therefore extremely pleased to announce the immediate support of Passkey in Switch edu-ID.

Continue reading “Switch edu-ID launches Passwordless Login with Passkeys”