The following post written by Donald Coetzee
South African Federated Identities for Research and Education
This project is currently underway where UCT is very involved in the move to federate with other institutions around South Africa. SAFIRE will provide a central authentication entry point to allow easier access to shared applications by authenticating users using their institution’s login credentials.
As an example: An application (Service Provider) called “filesender” is deployed at UCT, which provides for sharing of large files between users. Navigating to http://filesender.uct.ac.za, on the login screen, a redirection is performed to a “Discovery Service ”The user then clicks Logon, The page redirects to what is called “The Discovery Service”:
The Discovery Service allows a user to specify which institution they are from , and this is where the “central” part in ‘central authentication entry point to allow easier access to shared applications by authenticating users using their institution’s login credentials’ comes in. Once the user chooses his/her ‘home institution’ the user is offered the opportunity to login to their home institution’s login service (Identity Provider).
Once the user is authenticated by the source institution, the application can be accessed and used.
In this case, Filesender as a federated application, can be used by an (authenticated) user from another (authorised) institution
MConf is another federated application hosted by SanRen, but UCT users are allowed to access it using their UCT credentials.
Mconf is an online meeting utility, that has also been joined to the federation, and when a user clicks ‘login via SAFIRE’:
If a user is already signed in to the Federation, there is no need to authenticate again.
As the federation matures, and more Applications (Service Providers), and Home institutions (Identity Providers) are added to the federation, the easier it will become for institutions in, and even those outside of South Africa to share resources, collaborate, and importantly: share Research.
The project is currently in the deployment phase, and go-live will be communicated soon!