Fundación para la Ciencia Y la Tecnología

The Fundación para la Ciencia Y la Tecnología (FECYT) approached PRiSE to deploy simpleSAMLphp in the FECYT's SAU-WoK system, with the goal of having an identity provider compatible with the technology of the ISI Web of Knowledge.

Initial Scenario

The complex scenario had different elements that were developed for different protocols:

  • Protected Web Applications: the FrontOffice, AdminWoK and other web applications are protected with a PAPI PoA, which allows access to certain specified user profiles.
  • PAPI Proxy: deployed for the ISI Knowledge access and for the full-text resources.
  • FECYT GPoA: component that uses the PoAs to delegate the authorization and obtain the user's credentials.
  • PAPI Identity Providers: a PAPI AuthServer, connected to the SAU-WoK LDAP, has been deployed for each of the protected web applications and for the PAPI proxies.
  • SIR connection infrastructure: to connect SAU-WoK with the federated access to ISI Thomson, a series of connectors has been deployed and the FECYT has been included in the SIR.

The deployed solution for this scenario was to integrate the following elements:

  • PAPI Identity Provider of the FECYT, as the only identity provider for the SAU-WoK project, in order to decrease the number of identity providers and to facilitate the management of this scenario.
  • SAML 1.1 Identity Provider in SAU-WoK. This software was integrated with the initial PAPI deployment in the FECYT infrastructure.
  • SIR FECYT plugin: an icGPoA that joins the FECYT infrastructure with the SIR federation. This deployment redirects a user to their identity provider inside the SIR federation, and it also acts as the identity provider of the FECYT inside the SIR federation.

Besides the technical work of reducing the complexity of the initial SAU-WoK scenario, it was a requirement that users would not notice any important change in their access to the system.