Versions Compared

Old Version 31

changes.mady.by.user Unknown User (klaalo@csc.fi)

Saved on

compared with

New Version Current

changes.mady.by.user Daniel Melander

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
iconfalse
User authentication must utilize Haka identity federation: https://confluence.csc.fi/x/JoIUAg. In English. The service must include a SAML2 Service Provider component configured to support Haka SAML2-profile: https://confluence.csc.fi/x/m4IUAgHaka SAML 2.0 -profile 2.0

In some cases it is required that the application allows local user accounts in addition to federated identities.

...

Haka user authentication enables transfer of user attributes to a service. User attributes in Haka are defined in FunetEduPerson attribute schema:  https://confluence.csc.fi/x/FoMUAg FunetEduPerson schema

Application of personal data received as federated attributes and linking that data to local user accounts must always be evaluated per service. In general when using Haka, services should minimise the amount of locally created user attributes and rely on federated attributes.

...

Users in Haka are identified using one of the available identifiers specified in the attribute schema: https://confluence.csc.fi/x/FoMUAg FunetEduPerson schema. The most common identifier used is eduPersonPrincipalName-attribute. In some cases it is desirable that existing user accounts are linked to federated identifiers.

...