This technical report provides a detailed guide for the installation, configuration, and integration of a Service Provider (SP) to enable federated authentication within the ILC4CLARIN infrastructure. Aimed at technical personnel, the document outlines all necessary steps to connect the SP to the DFN-AAI federation, ensuring secure and reliable access to services through a federated identity model. At the core of the solution is SimpleSAMLphp, open-source software that supports SAML-based identity federation, operating as both an Identity Provider (IdP) and Service Provider (SP). Its modular architecture allows for seamless integration with research and academic federations such as CLARIN, DFN-AAI, and eduGAIN. The configuration is metadata-driven, facilitating compatibility with a broad range of identity systems. The report also introduces key concepts of federated authentication, where trust relationships between IdPs and SPs allow users to access multiple services using a single set of credentials. Authentication is routed through a discovery service that enables users to select their home institution, improving user experience and security. The work is motivated by the need to integrate CLARIN's Single Sign-On (SSO) system into INCEpTION, a web-based platform for linguistic and semantic annotation developed at Technische Universität Darmstadt. Due to the complexity of direct integration with CLARIN’s discovery interface, a proxy-based authentication architecture was adopted. This approach, supported by Keycloak, consolidates multiple IdPs into a single authentication endpoint, streamlining the user login process while ensuring compatibility with the CLARIN federation. This report focuses on configuring the Service Provider component. A companion document will provide further details on the complete proxy architecture.
The activity is part of the H2IOSC – Humanities and Heritage Italian Open Science Cloud project, funded under Italy’s National Recovery and Resilience Plan (PNRR). The initiative promotes open science in the humanities by providing federated access to distributed infrastructures and services. Within this framework, CLARIN-IT, the Italian node of the CLARIN ERIC infrastructure, plays a key role in enabling secure, interoperable access to digital linguistic resources for researchers.

Installing and configuring a Proxy with SimpleSAMLphp on ILC4CLARIN Infrastructure for SSO with CLARIN SPF

Michele Mallia
Writing – Original Draft Preparation
2025

Istituto di linguistica computazionale "Antonio Zampolli" - ILC
single sign on
clarin service provider federation
simplesamlphp
authentication
Files in this item:
File: technical_report_service_provider_ilc4clarin_rev_0.1.pdf
Access: open access
Description: Technical report
Type: Publisher's version (PDF)
License: Public domain
Size: 5.47 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/543561