Service or application request for tender

A request for tender for a service or an application often requires definitions that ensure Haka compatibility. This page is a template in which some possible requirements are given, but the requestor must still give each requirement proper consideration.

Authentication protocol

Haka is a federated authentication infrastructure based on the SAML2 protocol. In addition to the general SAML2 standards, Haka has certain Haka-specific requirements. Haka aims to be as compatible as possible with international identity federations, but in some cases this is not possible due to local requirements.

Info
User authentication must utilize the Haka identity federation: https://confluence.csc.fi/x/JoIUAg. The service must include a SAML2 Service Provider component configured to support the Haka SAML2 profile: https://confluence.csc.fi/x/m4IUAg

...

Haka user authentication enables the transfer of user attributes to a service. User attributes in Haka are defined in the FunetEduPerson attribute schema: https://confluence.csc.fi/x/FoMUAg

Attribute usage and links

The application of personal data received as federated attributes, and the linking of that data to local user accounts, must always be evaluated per service. In general, when using Haka, services should minimise the amount of locally created user attributes and rely on federated attributes.

...

Users in Haka are identified using one of the available identifiers specified in the attribute schema: https://confluence.csc.fi/x/FoMUAg. The most commonly used identifier is the eduPersonPrincipalName attribute. In some cases it is desirable that existing user accounts are linked to federated identifiers.

...

Info
Authorisation must be based on the federated attributes of the user.

Service use

Info
User roles of the service must be based on federated attributes.

Identity provider discovery

...

User accounts may be provisioned prior to the user accessing the service. Usually this means importing the users' Haka identifiers into the service.
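The identifier-based account linking, the rule that roles come from federated attributes rather than local data, and the pre-provisioning of accounts by imported Haka identifiers described above can be shown together in one small piece of service-side logic. The code below is an added example, not code from the Haka page or from any Haka software: the account store, the role mapping, the sample attribute statements and the helper names (LocalAccount, link_or_provision, roles_from_attributes, build_sample_store) are all constructed for illustration. eduPersonPrincipalName is the identifier named on the page; the use of eduPersonAffiliation as the role-driving attribute and the mapping of affiliations to roles are assumptions.

```python
"""
Added example (not part of the Haka page): linking a federated Haka identity
to a local account and deriving service roles from federated attributes.

Assumptions: the SAML2 Service Provider has already validated the assertion
and hands the attributes to the application as a dict of multi-valued lists.
eduPersonAffiliation and the role mapping below are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass
class LocalAccount:
    # The federated identifier is the only key the service stores locally;
    # roles are recomputed from the assertion on every login, never stored.
    eppn: str
    roles: set = field(default_factory=set)


# Assumed mapping from a federated attribute value to a service role.
AFFILIATION_TO_ROLE = {
    "faculty": "editor",
    "staff": "editor",
    "student": "reader",
}

# Constructed attribute statements, shaped as a SAML SP would expose them
# (every attribute multi-valued). "member" has no mapping and is ignored.
SAMPLE_ASSERTION_FACULTY = {
    "eduPersonPrincipalName": ["teacher@example.org"],
    "eduPersonAffiliation": ["faculty", "member"],
}
SAMPLE_ASSERTION_STUDENT = {
    "eduPersonPrincipalName": ["student@example.org"],
    "eduPersonAffiliation": ["student", "member"],
}


def build_sample_store() -> dict:
    """A local store with one account pre-provisioned from an imported Haka identifier."""
    return {"teacher@example.org": LocalAccount(eppn="teacher@example.org")}


def roles_from_attributes(attrs: dict) -> set:
    """Derive service roles purely from federated attributes (no local role data)."""
    affiliations = attrs.get("eduPersonAffiliation", [])
    return {AFFILIATION_TO_ROLE[a] for a in affiliations if a in AFFILIATION_TO_ROLE}


def link_or_provision(store: dict, attrs: dict) -> LocalAccount:
    """
    Link the authenticated user to the local account keyed by
    eduPersonPrincipalName, creating it just-in-time if it was not
    pre-provisioned. Fails closed when the identifier is missing or
    ambiguous, since linking on a guessed identifier would bind the
    session to the wrong account.
    """
    eppn_values = attrs.get("eduPersonPrincipalName", [])
    if len(eppn_values) != 1:
        raise ValueError("assertion must carry exactly one eduPersonPrincipalName")
    eppn = eppn_values[0]
    account = store.get(eppn)
    if account is None:
        account = LocalAccount(eppn=eppn)
        store[eppn] = account
    # Roles are replaced, not merged, so a changed affiliation at the home
    # organisation takes effect on the next login.
    account.roles = roles_from_attributes(attrs)
    return account


if __name__ == "__main__":
    store = build_sample_store()
    for assertion in (SAMPLE_ASSERTION_FACULTY, SAMPLE_ASSERTION_STUDENT):
        acct = link_or_provision(store, assertion)
        print(acct.eppn, sorted(acct.roles))
```

The point to check in a real deployment is the same as in the example: the only locally persisted key is the federated identifier the home organisation asserts, roles are recomputed from the assertion at each login, and a login whose assertion lacks a usable identifier is refused rather than matched on some other attribute.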

...