EduGain is an authentication system compatible with WISEflow. It uses the organisation ID and an optional national ID. This method of authentication is administered by the institution.
EduGain Authentication Features:
- Existing user: When a user authenticates through EduGain, the user will be logged in as an existing user with the same ID.
- New user: When a user authenticates through EduGain and no user with the ID exists in WISEflow, WISEflow creates a user with the given ID and information.
The user will only be created if the setting is enabled on the licence.
When a user authenticates through EduGain, the following metadata can be added or updated on the user:
| Name | URN: OID | EduGAIN attribute | Multiple | Required from IdP |
|---|---|---|---|---|
| Last Name | urn:oid:2.5.4.4 | sn | No | True |
| First Name | urn:oid:2.5.4.42 | gn | No | True |
| Nickname | urn:oid:2.5.4.3 | cn | No | False |
| User ID (at home organisation) | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName | No | True |
| | urn:oid:0.9.2342.19200300.100.1.3 | | Yes | True |
| The primary affiliation with home organisation | urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | eduPersonPrimaryAffiliation | No | False |
| The organisation nickname | urn:oid:2.5.4.10 | organisationName | No | False |
| Level of assurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | eduPersonAssurance | No | False |
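An IdP administrator can check attribute release against the table above before users start logging in. The following is an added example, not WISEflow or eduGAIN code: it parses a constructed SAML `AttributeStatement` and reports required attributes that are missing or empty and single-valued attributes sent with several values. It assumes "Multiple: No" means exactly one value is accepted, uses a placeholder label for the row whose attribute name is not given on the page, and does not verify assertion signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# OID -> (label, multiple allowed, required from IdP), copied from the table above.
# The page gives no attribute name for 0.9.2342.19200300.100.1.3; the label is a placeholder.
EXPECTED = {
    "urn:oid:2.5.4.4": ("sn", False, True),
    "urn:oid:2.5.4.42": ("gn", False, True),
    "urn:oid:2.5.4.3": ("cn", False, False),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ("eduPersonPrincipalName", False, True),
    "urn:oid:0.9.2342.19200300.100.1.3": ("unnamed-on-page", True, True),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": ("eduPersonPrimaryAffiliation", False, False),
    "urn:oid:2.5.4.10": ("organisationName", False, False),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.11": ("eduPersonAssurance", False, False),
}

def collect_attributes(statement_xml):
    """Return {attribute Name: [non-empty values]} from a SAML AttributeStatement."""
    found = {}
    for attr in ET.fromstring(statement_xml).iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found

def check_release(statement_xml):
    """List problems that would leave the created or updated user record incomplete."""
    found = collect_attributes(statement_xml)
    problems = []
    for oid, (label, multiple, required) in EXPECTED.items():
        values = found.get(oid, [])
        if required and not values:
            problems.append("missing required %s (%s)" % (label, oid))
        if not multiple and len(values) > 1:
            problems.append("multiple values for single-valued %s (%s)" % (label, oid))
    return problems

# Constructed sample: sn present, gn sent empty, two ePPN values, mail OID not released.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Jensen</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>aj@example.org</saml:AttributeValue><saml:AttributeValue>aj2@example.org</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    for problem in check_release(SAMPLE):
        print(problem)
```

Because a new user is created from these values on first login, an empty or duplicated `eduPersonPrincipalName` is worth catching at the IdP before the licence setting for automatic creation is enabled.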
EduGain FAQ
What protocols are supported? | Only SAML |
What attributes are passed back to WISEflow? | A full set of attributes is passed back to WISEflow. See the table above. |
Is reauthentication supported? | Reauthentication is currently not supported |
Do users need to be created in WISEflow, or can they be created on first login? | With EduGain it is possible to have users created automatically at login due to the richer metadata. |