Authentication via DFN-AAI
Secure access to online services through the Shibboleth Identity Provider (IdP)
The University of Bonn takes part in the authentication and authorization infrastructure of the DFN (DFN-AAI)
Concept
A number of online portals require authentication of the users. They ensure that the users:
- are members of the University of Bonn
- belong to the authorized user groups
- have a specific authorization for the services
- can use the Uni-ID and the corresponding password for access
In order to fulfill these requirements, the University of Bonn takes part in the authentication and authorization infrastructure of the DFN (DFN-AAI) that simplifies the access of authorized users within the “Wissensschaftsnetz” (science network) and increases data protection when using the resources of DFN-AAI contract partners.
The Uni-ID and the password will be tested against the established authentication and authorization systems in the HRZ and will not leave the University of Bonn. The attributes that are needed by the service providers will only be transferred after the user has given his or her confirmation. The confirmation is needed once per service provider.
All users at the University of Bonn are assigned to the roles students, staff and guests. Depending on the conditions of the service provider, only certain user groups will be granted access.
Access to external services
The users of the University of Bonn often need ICT resources offered by third-party providers for teaching, study and research, such as electronic services offered by publishing companies for online research, internet portals for downloading resources or ordering hardware under special university-specific conditions. Many of these providers have contracts with the University of Bonn that specify the terms of use and operate under the condition that only a limited group of authorized users are granted access at the university. The procedure up to now has been that the service providers themselves conducted the authentication and authorization of the end users. For this purpose, they either conducted an IP address verification or implemented a verification of the access data of the end users within their online services.
- The address verification entails disadvantages on both sides. The service provider has no possibility to assign different license conditions to different user groups; the access for the end users is problematic when they are located outside of the home institution.
- The verification of access data requires that the provider receives, processes and saves this data. When the provider creates their own access data, this leads to a large quantity of access data that is difficult to manage and control. In these cases, the users themselves register with the providers and enter their personal data in an online form. When, on the other hand, the provider inserts the access data from the home institution and forwards the received data to them for verification, the provider has access to sensitive data.
You can find the first online services that you can use via the Shibboleth IdP here:
| Service | Availability | Roles |
|---|---|---|
| Aachen GigaMove | everywhere | - everyone |
| Wiley Online Library | everywhere | - Student - Staff member |
|
Web Conferences with Adobe Connect (DFNVC) | everywhere | - Staff member |
| Web Of Knowledge |
outside of BONNET with Shibboleth inside of BONNET without login
| - Student |
| Vifarom - Virtuelle Fachbibliothek Romanischer Kulturkreis | everywhere | - Student - Staff member |
| SpringerLink | outside of BONNET with Shibboleth | - Student - Staff member |
| ScienceDirect | everywhere | - Student - Staff member |
| JSTOR | outside of BONNET with Shibboleth inside of BONNET without login | - Student - Staff member |
| De Gruyter Online | outside of BONNET with Shibboleth inside of BONNET without login | - Student - Staff member |
|
ProQuest und Chadwyck-Healey (a selection, see List of Individual Databases/Journals) | outside of BONNET with Shibboleth inside of BONNET without login | - Student - Staff member |
| TextGrid Virtual research environment for the humanities | everywhere | - everyone |
| List of Individual Databases/Journals |
Access to internal services
If you operate a central online portal and want to perform the authentication against the Uni-ID, please contact us. We evaluate the possibilities to connect your portal to the Shibboleth IdP.
Queries concerning Shibboleth
- for technical issues contact the HRZ under [Email protection active, please enable JavaScript.]
- for questions regarding specific service providers and licenses contact the ULB under [Email protection active, please enable JavaScript.]
