Welcome

• Rolf Krahl (Helmholtz-Zentrum Berlin für Materialien und Energie (HZB))

Introduction to UmbrellaID

• Björn Erik Abt (PSI - Paul Scherrer Institut)
• Jean-François Perrin (ESRF)

What is UmbrellaID How to request the integration of a service.

Overview of the EOSC AAI Federation

• Christos Kanellopoulos

Authorisation Model

• Jean-François Perrin (ESRF)

2 possible models will be presented - Local mapping of identities at the SP level. - Community model.

SSO protocols: SAML and OIDC

• Björn Erik Abt (PSI - Paul Scherrer Institut)
• Christos Kanellopoulos

Introduction of protocols. Explanation of the workflows. How are the tokens travelling? Tools for debugging. Q&A

cURL demonstration of OIDC and the integration in your application

• Björn Erik Abt (PSI - Paul Scherrer Institut)
• Christos Kanellopoulos

Keycloak introduction

• Jean-François Perrin (ESRF)

Why setting up a local SSO for your organisation? Why Keycloak?

Hands on session: connecting your Keycloak to UmbrellaID

• Christos Kanellopoulos
• Antoine Roux (ESRF)
• Jean-François Perrin (ESRF)

In order to get the full benefit from this session, participants need to have access to a running Keycloak accessible from the Internet. It should have access to the internet and should be accessible from the internet (ideally direct access, but HTTP proxy and reverse HTTP proxy are also valid scenarios to get these access). DNS resolution should be in place and should be identical from everywhere (I.E. the machine should be referenced with the same domain name from the RI/lab intranet and public internet network), you also need to have a valid X509 server certificate. Your Keycloak instance will be linked it to the UmbrellaID (acceptance or production) environment to demonstrate the full flow.

Moonshot

• Björn Erik Abt (PSI - Paul Scherrer Institut)

Introduction to non web authentication Demonstration of Moonshot

Wrapup and Q&A