This technical report provides a detailed guide for the installation, configuration, and integration of a Service Provider (SP) to enable federated authentication within the ILC4CLARIN infrastructure. Aimed at technical personnel, the document outlines all necessary steps to connect the SP to the DFN-AAI federation, ensuring secure and reliable access to services through a federated identity model. At the core of the solution is SimpleSAMLphp, an open-source software that supports SAML-based identity federation, operating as both an Identity Provider (IdP) and Service Provider (SP). Its modular architecture allows for seamless integration with research and academic federations such as CLARIN, DFN-AAI, and eduGAIN. The configuration is metadata-driven, facilitating compatibility with a broad range of identity systems. The report also introduces key concepts of federated authentication, where trust relationships between IdPs and SPs allow users to access multiple services using a single set of credentials. Authentication is routed through a discovery service that enables users to select their home institution, improving user experience and security. The work is motivated by the need to integrate CLARIN's Single Sign-On (SSO) system into INCEpTION, a web-based platform for linguistic and semantic annotation developed at Technische Universität Darmstadt. Due to the complexity of direct integration with CLARIN’s discovery interface, a proxy-based authentication architecture was adopted. This approach, supported by Keycloak, consolidates multiple IdPs into a single authentication endpoint, streamlining the user login process while ensuring compatibility with the CLARIN federation. This report focuses on configuring the Service Provider component. A companion document will provide further details on the complete proxy architecture. The activity is part of the H2IOSC – Humanities and Heritage Italian Open Science Cloud project, funded under Italy’s National Recovery and Resilience Plan (PNRR). The initiative promotes open science in the humanities by providing federated access to distributed infrastructures and services. Within this framework, CLARIN-IT, the Italian node of the CLARIN ERIC infrastructure, plays a key role in enabling secure, interoperable access to digital linguistic resources for researchers.
Installing and configuring a Proxy with SimpleSAMLphp on ILC4CLARIN Infrastructure for SSO with CLARIN SPF
Michele MalliaWriting – Original Draft Preparation
2025
Abstract
This technical report provides a detailed guide for the installation, configuration, and integration of a Service Provider (SP) to enable federated authentication within the ILC4CLARIN infrastructure. Aimed at technical personnel, the document outlines all necessary steps to connect the SP to the DFN-AAI federation, ensuring secure and reliable access to services through a federated identity model. At the core of the solution is SimpleSAMLphp, an open-source software that supports SAML-based identity federation, operating as both an Identity Provider (IdP) and Service Provider (SP). Its modular architecture allows for seamless integration with research and academic federations such as CLARIN, DFN-AAI, and eduGAIN. The configuration is metadata-driven, facilitating compatibility with a broad range of identity systems. The report also introduces key concepts of federated authentication, where trust relationships between IdPs and SPs allow users to access multiple services using a single set of credentials. Authentication is routed through a discovery service that enables users to select their home institution, improving user experience and security. The work is motivated by the need to integrate CLARIN's Single Sign-On (SSO) system into INCEpTION, a web-based platform for linguistic and semantic annotation developed at Technische Universität Darmstadt. Due to the complexity of direct integration with CLARIN’s discovery interface, a proxy-based authentication architecture was adopted. This approach, supported by Keycloak, consolidates multiple IdPs into a single authentication endpoint, streamlining the user login process while ensuring compatibility with the CLARIN federation. This report focuses on configuring the Service Provider component. A companion document will provide further details on the complete proxy architecture. The activity is part of the H2IOSC – Humanities and Heritage Italian Open Science Cloud project, funded under Italy’s National Recovery and Resilience Plan (PNRR). The initiative promotes open science in the humanities by providing federated access to distributed infrastructures and services. Within this framework, CLARIN-IT, the Italian node of the CLARIN ERIC infrastructure, plays a key role in enabling secure, interoperable access to digital linguistic resources for researchers.| Campo DC | Valore | Lingua |
|---|---|---|
| dc.authority.orgunit | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | en |
| dc.authority.people | Michele Mallia | en |
| dc.authority.project | Project code IR0000029 | en |
| dc.collection.id.s | 95773a9f-8d06-4466-a951-5d4e15d70690 | * |
| dc.collection.name | 08.04 Rapporto tecnico | * |
| dc.contributor.appartenenza | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | * |
| dc.contributor.appartenenza.mi | 918 | * |
| dc.contributor.area | Non assegn | * |
| dc.date.accessioned | 2025/05/26 18:12:16 | - |
| dc.date.available | 2025/05/26 18:12:16 | - |
| dc.date.firstsubmission | 2025/05/06 16:45:07 | * |
| dc.date.issued | 2025 | - |
| dc.date.submission | 2025/05/29 12:51:32 | * |
| dc.description.abstracteng | This technical report provides a detailed guide for the installation, configuration, and integration of a Service Provider (SP) to enable federated authentication within the ILC4CLARIN infrastructure. Aimed at technical personnel, the document outlines all necessary steps to connect the SP to the DFN-AAI federation, ensuring secure and reliable access to services through a federated identity model. At the core of the solution is SimpleSAMLphp, an open-source software that supports SAML-based identity federation, operating as both an Identity Provider (IdP) and Service Provider (SP). Its modular architecture allows for seamless integration with research and academic federations such as CLARIN, DFN-AAI, and eduGAIN. The configuration is metadata-driven, facilitating compatibility with a broad range of identity systems. The report also introduces key concepts of federated authentication, where trust relationships between IdPs and SPs allow users to access multiple services using a single set of credentials. Authentication is routed through a discovery service that enables users to select their home institution, improving user experience and security. The work is motivated by the need to integrate CLARIN's Single Sign-On (SSO) system into INCEpTION, a web-based platform for linguistic and semantic annotation developed at Technische Universität Darmstadt. Due to the complexity of direct integration with CLARIN’s discovery interface, a proxy-based authentication architecture was adopted. This approach, supported by Keycloak, consolidates multiple IdPs into a single authentication endpoint, streamlining the user login process while ensuring compatibility with the CLARIN federation. This report focuses on configuring the Service Provider component. A companion document will provide further details on the complete proxy architecture. The activity is part of the H2IOSC – Humanities and Heritage Italian Open Science Cloud project, funded under Italy’s National Recovery and Resilience Plan (PNRR). The initiative promotes open science in the humanities by providing federated access to distributed infrastructures and services. Within this framework, CLARIN-IT, the Italian node of the CLARIN ERIC infrastructure, plays a key role in enabling secure, interoperable access to digital linguistic resources for researchers. | - |
| dc.description.allpeople | Mallia, Michele | - |
| dc.description.allpeopleoriginal | Michele Mallia | en |
| dc.description.fulltext | open | en |
| dc.description.numberofauthors | 1 | - |
| dc.identifier.doi | 10.5281/zenodo.15544532 | en |
| dc.identifier.source | datacite | * |
| dc.identifier.uri | https://hdl.handle.net/20.500.14243/543561 | - |
| dc.identifier.url | https://zenodo.org/records/15544532 | en |
| dc.language.iso | eng | en |
| dc.relation.projectAcronym | H2IOSC | en |
| dc.relation.projectAwardNumber | CUP B63C22000730005 | en |
| dc.relation.projectAwardTitle | Humanities and cultural Heritage Italian Open Science Cloud – H2IOSC | en |
| dc.relation.projectFunderName | European Union | en |
| dc.relation.projectFundingStream | NextGenerationEU – National Recovery and Resilience Plan (NRRP) | en |
| dc.subject.keywordseng | single sign on | - |
| dc.subject.keywordseng | clarin service provider federation | - |
| dc.subject.keywordseng | simplesamlphp | - |
| dc.subject.keywordseng | authentication | - |
| dc.subject.singlekeyword | single sign on | * |
| dc.subject.singlekeyword | clarin service provider federation | * |
| dc.subject.singlekeyword | simplesamlphp | * |
| dc.subject.singlekeyword | authentication | * |
| dc.title | Installing and configuring a Proxy with SimpleSAMLphp on ILC4CLARIN Infrastructure for SSO with CLARIN SPF | en |
| dc.type.driver | info:eu-repo/semantics/other | - |
| dc.type.full | 08 Report e Working Paper::08.04 Rapporto tecnico | it |
| dc.type.miur | 298 | - |
| iris.mediafilter.data | 2025/05/27 03:46:54 | * |
| iris.orcid.lastModifiedDate | 2025/06/16 17:06:18 | * |
| iris.orcid.lastModifiedMillisecond | 1750086378849 | * |
| iris.sitodocente.maxattempts | 1 | - |
| iris.unpaywall.metadataCallLastModified | 20/06/2025 04:50:17 | - |
| iris.unpaywall.metadataCallLastModifiedMillisecond | 1750387817506 | - |
| iris.unpaywall.metadataErrorDescription | 0 | - |
| iris.unpaywall.metadataErrorType | ERROR_NO_MATCH | - |
| iris.unpaywall.metadataStatus | ERROR | - |
| Appare nelle tipologie: | 08.04 Rapporto tecnico | |
| File | Dimensione | Formato | |
|---|---|---|---|
|
technical_report_service_provider_ilc4clarin_rev_0.1.pdf
accesso aperto
Descrizione: Rapporto tecnico
Tipologia:
Versione Editoriale (PDF)
Licenza:
Dominio pubblico
Dimensione
5.47 MB
Formato
Adobe PDF
|
5.47 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
