Organizational Registration Service
This is a more detailed description of the organizational registration service.
To set up an organizational registration service an organization basically needs to implement the two web pages
- This page is usually not protected and accessible for the public.
- The user is asked to initiate the linking process. The basic message is:
To register at this university you need a SWITCH edu-ID account. By klicking 'continue' you will be asked to log in with your SWITCH edu-ID. If you don't already have a SWITCH edu-ID you can create one one the fly.
'Continue': link to registration.
After clicking continue, the following happens from the user's perspective. The user is asked to log in with the edu-ID. If the user has no edu-ID he or she can create one on the fly. Finally the user will be asked permission to send the personal edu-ID data back to the page registration. All these processes are handled by the edu-ID service.
- This page is only accessible if the user was able to log in with his or her SWITCH edu-ID account. This can be enforced in various ways:
- Since the user is identified by edu-ID, the page has access to the assertion of a valid shibboleth session.
- Store the edu-ID identifier (swissEduID) that comes with the shibboleth session in the registration application.
- The user can now continue with the registration by filling in a registration form, uploading an application etc.
- The registration page should be configured
- to accept only the personal part of a edu-ID identity.
- to require the Attribute swissEduID. Send a email to email@example.com to have the attribute activated by SWITCH staff.
- to enforce re-authentication for each access (=disable SSO). This is to avoid problems of users sharing the same computer/browser.
- Typically, the bidirectional linking by creating an affiliation through the affiliation API is done at a later time after the user has completed the admission process at the university.