
Authentication via DFN-AAI

Secure access to online services through the Shibboleth Identity Provider (IdP)


The University of Bonn takes part in the authentication and authorization infrastructure of the DFN (DFN-AAI).

Concept

A number of online portals require authentication of the users. They ensure that the users:
  • are members of the University of Bonn
  • belong to the authorized user groups
  • have a specific authorization for the services
  • can use the Uni-ID and the corresponding password for access
In order to fulfill these requirements, the University of Bonn takes part in the authentication and authorization infrastructure of the DFN (DFN-AAI), which simplifies access for authorized users within the “Wissenschaftsnetz” (science network) and increases data protection when using the resources of DFN-AAI contract partners.
The Uni-ID and the password are checked against the established authentication and authorization systems in the HRZ and do not leave the University of Bonn. The attributes that the service providers need are transferred only after the user has confirmed the transfer. This confirmation is needed once per service provider.

All users at the University of Bonn are assigned to the roles students, staff and guests. Depending on the conditions of the service provider, only certain user groups will be granted access. 

Access to external services

The users of the University of Bonn often need ICT resources offered by third-party providers for teaching, study and research, such as electronic services offered by publishing companies for online research, internet portals for downloading resources or ordering hardware under special university-specific conditions. Many of these providers have contracts with the University of Bonn that specify the terms of use and operate under the condition that only a limited group of authorized users are granted access at the university. The procedure up to now has been that the service providers themselves conducted the authentication and authorization of the end users. For this purpose, they either conducted an IP address verification or implemented a verification of the access data of the end users within their online services. 
 
  • The address verification entails disadvantages on both sides. The service provider has no possibility to assign different license conditions to different user groups; the access for the end users is problematic when they are located outside of the home institution. 
  • The verification of access data requires that the provider receives, processes and saves this data. When the provider creates their own access data, this leads to a large quantity of access data that is difficult to manage and control. In these cases, the users themselves register with the providers and enter their personal data in an online form. When, on the other hand, the provider accepts the access data of the home institution and forwards it to the home institution for verification, the provider has access to sensitive data. 

 

You can find the first online services that you can use via the Shibboleth IdP here:

| Service | Availability | Roles |
|---|---|---|
| Aachen GigaMove | everywhere | everyone |
| Wiley Online Library | everywhere | Student, Staff member |
| Web Conferences with Adobe Connect (DFNVC) | everywhere | Staff member |
| Web Of Knowledge | outside of BONNET with Shibboleth; inside of BONNET without login | Student, Staff member |
| Vifarom - Virtuelle Fachbibliothek Romanischer Kulturkreis | everywhere | Student, Staff member |
| SpringerLink | outside of BONNET with Shibboleth; inside of BONNET without login | Student, Staff member |
| ScienceDirect | everywhere | Student, Staff member |
| JSTOR | outside of BONNET with Shibboleth; inside of BONNET without login | Student, Staff member |
| De Gruyter Online | outside of BONNET with Shibboleth; inside of BONNET without login | Student, Staff member |
| ProQuest and Chadwyck-Healey (a selection, see List of Individual Databases/Journals) | outside of BONNET with Shibboleth; inside of BONNET without login | Student, Staff member |
| TextGrid Virtual research environment for the humanities | everywhere | everyone |

List of Individual Databases/Journals

 

Access to internal services

If you operate a central online portal and want to perform the authentication against the Uni-ID, please contact us. We will evaluate the options for connecting your portal to the Shibboleth IdP.

Queries concerning Shibboleth

  • for technical issues contact the HRZ under info-hrz@uni-bonn.de
  • for questions regarding specific service providers and licenses contact the ULB under ebib@ulb.uni-bonn.de

 
