Getting Started: Setting up an edu-ID Service
1. Contractual Preparation
Before you integrate an application into the SWITCHaai federation, your organization must become a "federation partner".
SWITCH edu-ID is a service offering in the SWITCHaai federation. Currently edu-ID supports the SAML and the OpenID Connect protocol.
The instructions to set up a service for SAML can be found here:
OpenID Connect (OIDC) is a new edu-ID service. It's functionality is limited compared to SAML, but it will be continuously extended in the future:
SWITCH edu-ID offers a very comprehensive data model in different variants.
|classic attribute model||To access a service, a user chooses the home organization in the discovery service ("were are you from?"). The service receives an attribute assertion from the selected home organization. The assertion is compatible with traditional SWITCHaai assertions||configure intended audience without private identities||(not supported)|
|edu-ID only classic||To access a service, the user directly authenticates (without choosing a home organization). The service receives a attribute assertion of the user's private identity, independent of any organizational affiliation.||configure intended audience exclusively private identities||require scopes profile, email or swissEduIDBase|
|extended attribute model light||Like edu-ID only classic. The service can determine organizational roles and email addresses by evaluating swissEduIDLinked* attributes.||require attributes swissEduIDLinked*||require scope swissEduIDExtended|
|extendend attribute model||Like extended attribute model light. Additional organizational affiliation attributes are fetched via affiliation API.||Get additional attributes via affiliation API with read-only permissions.|
4. Advanced Service Configuration
Options to enhance the service quality, usability or security