What is Helmholtz AAI?
AAI is short for “Authentication and Authorisation Infrastructure” and comprises the central component in gaining access to a service shared by a Helmholtz centre different from your home centre. Once you log in to the Cloud Portal itself or the federated services available through it, it will ask for your home centre. When you choose it, you will get redirected to your home identity provider (IdP), enter your username and password there and get authenticated at the service. The HelmholtzAAI manages the communication between your home IdP and the federated service you want to access. No hassle for you.
How does the authentication via Helmholtz AAI work?
In short: the central component of the HelmholtzAAI is a Unity instance that serves as a proxy between your home identity provider (IdP) and the service you want to access. Your home IdP knows who you are and is trusted by the HelmholtzAAI. You just need to log in with your username and password of your center at your home IdP and the rest is magic. :-)
For more details, you are invited to have a look at the concept page of Helmholtz AAI.
How does the authorisation at the services work -or- how does a service know what I am allowed to do there?
Either your home identity provider or the HelmholtzAAI (via a virtual organisation) communicate your permissions (so-called entitlements) to the service.
What is a virtual organisation?
A virtual organisation (VO) is a group of people led by a principal investigator (PI) that can gain special access to services if they have specialised needs for more features than a basic variant of a service offers. They can also negotiate and gain access to services with a restricted access policy. All this, however, is based on individual agreements.
Which Helmholtz centres are connected to HelmholtzAAI?
All connected centres are listed here: https://www.hifis.net/doc/backbone-aai/list-of-connected-centers/ . At the moment of writing, all centres except GSI and DZNE were connected.
How do I create a new virtual organisation?
A new virtual organisation has to be requested by a principal investigator (PI) at the HIFIS team. Note that the PI has to be a member of a Helmholtz centre. The procedure for reqeusting a new virtual organisation is shown on https://www.hifis.net/doc/backbone-aai/guidelines-vos/.
Where do I find further information?
Have a look at the HIFIS and AAI documentation page, more technical information on all our topics is there. If you don’t find what you are looking for, contact us at firstname.lastname@example.org.