Category: SWITCHaai

How to support Research with AAI

AAI is not only used within Switzerland. As of today there are 44 production and 17 pilot identity federations like AAI known around the world. 34 of the production federations are also part of the interfederation service eduGAIN, which interconnects these federations and allows AAI users of Interfederation-enabled Swiss institutions to access AAI services operated in other eduGAIN federations. Vice versa, AAI services in SWITCHaai (e.g. operated at CERN) now also be easily opened to and accessed by users from other eduGAIN federations.

Using AAI across national borders is in particular useful for research projects whose participants often come from different countries in the world. How research can benefit from eduGAIN and how SWITCH in the context of the GÉANT project is helping research projects to make use of AAI internationally is described in a new SWITCH story called “The recipe for cutting-edge international research“.

AAI & Swiss edu-ID Update Event

Thursday 13 August 2015, Berne

Would you like to know more about the SWITCHaai current state, IdP Clustering, MFA and eduGAIN, or more about how Swiss edu-ID progresses, outcomes, next steps and what pilots are on the way?
Then we would like to invite you to this event with an AAI Update in the morning (10:15 – 12:00)

  • SWITCHaai Status Update
  • IdP Clustering
  • Multi-factor Authentication and Shibboleth IdPv3
  • SP Reverse Proxy Server at ZHAW
  • How the SAMLtrace Firefox add-on can be useful
  • eduGAIN: An Opportunity for Research Collaborations
  • eduGAIN Access Check (also a topic of interest for SWITCHaai?)

followed by a Swiss edu-ID Update in the afternoon (13:15 – 16:15) to inform and discuss about

  • The future of AAI and Swiss edu-ID; Outlook to Swiss edu-ID 2.0
  • Results from the working groups and call for new working groups
  • Swiss edu-ID 1.0: Status
  • Pilot Projects Overview
  • Adoption of OAuth2, OpenID Connect in the Swiss edu-ID.

Details and registration

Simplify Shibboleth IdP Debugging: Quickly Identify Related Log Entries

Why isn’t it possible to easily identify all log messages belonging to particular user that authenticated at a Shibboleth Identity Provider?” This question was asked at the SWITCH Shibboleth Training in June 2015. Many other Shibboleth Identity Provider (IdP) administrators acknowledged they miss such a useful feature too. It would make debugging Shibboleth login issues easier since parallel user logins at the IdP result in many log entries that become a challenge to analyze. By default, the IdP does not provide enough log information to identify all related log entries  for a particular login attempt.

The answer to this question is: This is possible! It’s in Shibboleth already and it’s easy to use but it is a bit hidden. There are two key ingredients needed to activate this.

Continue reading “Simplify Shibboleth IdP Debugging: Quickly Identify Related Log Entries”