AAI-protected demo areas
Access to areas of the web site is controlled by AAI, using the open source Shibboleth Service Provider software developed by the Shibboleth Consortium. This demo resource is part of the AAI Test Federation, not the production SWITCHaai Federation.
Some information about the authenticated user gets transferred to the resource, so that it can decide on authorizing access for that user and for knowing with whom the resource is communicating.
This resource holds following areas for demonstration purposes:
| Scenario | Description | Valid users | Invalid users |
|---|---|---|---|
| Demo Portal | Shows a very simple portal application, where logged-in users get customized content. |
demouser:demo demostudent:demo |
all unauthenticated users |
|
Any authenticated user Home Organization choice by Discovery Service |
Any properly authenticated user gets access. | demouser:demo demostudent:demo |
all unauthenticated users |
| Any authenticated user | Any properly authenticated user gets access. | demouser:demo demostudent:demo |
all unauthenticated users |
| Any student | All users with an affiliation "student" are authorized to access it. | demouser2:demo demostudent:demo |
demouser:demo demostaff:demo |
| Staff from aai-demo-idp.switch.ch | All users with an affiliation "staff" and home organization "aai-demo-idp.switch.ch" are authorized to access it. |
demostaff:demo | demostudent:demo |
| An explicit user | Only "demouser2" is authorized to access it. | demouser2:demo | all others |
| Lazy session | Authentication is optional, but the application can enforce user authentication when it is needed. |
all users | - |
| Re-authentication enforcement | Application enforce Re-authentication of the user at the IdP, although the IdP session is still valid. |
demouser:demo demo[1..50]:demo |
all unauthenticated users |
| Passive authentication enforcement | Application enforce a passive authentication of the user at the IdP, means disallowing any user interaction on the IdP side. |
all authenticated users | all unauthenticated users |
Changing the Account
Prior to changing from one user account to another please quit and relaunch the browser in order to remove all session cookies.
Information provided by this Service Provider
Status Metadata Session Shibboleth environment Current config Clear
