If you cannot login via the CLARIN Identity Provider or you lost your password, please have a look at the help page. This page contains the technical details and is intended for infrastructure specialists.
How can I access a CLARIN service when my academic account does not belong to an identity federation that has ties with the Service Provider Federation?
To cope with this situation, we have created a CLARIN Identity Provider. It uses the credentials for the Drupal website https://user.clarin.eu/user and thus enables you to login to a Service Provider with your self-created username and password.
To test this:
- Go to https://catalog.clarin.eu/ds/ComponentRegistry
- Click on login (top right corner)
- Select the "Clarin.eu website account".
But does this IdP have the same trust level as official IdPs?
No. The CLARIN IdP relies on the clarin.eu site administrator's judgement who decides about the activation of the Drupal accounts. In general account requests from academic users (including students) that have a solid motivation are honoured. So if you have an SP that needs a higher degree of trust, do not connect it to the CLARIN IdP. That said, the current setup works well for applications as the CLARIN component registry.
What are the technical details of IdP?
SAML metadata about the CLARIN IdP can be found at: https://infra.clarin.eu/aai/prod_md_about_clarin_erics_idp.xml . Its entityID is 'https://idm.clarin.eu'. The Drupal user database (e-mail address and password hash) is exported to a Shibboleth IdP.
What attributes does the CLARIN IdP release?
All of the attributes as requested by CLARIN SPs:
- eduPersonPrincipalName (= Drupal email address with _ instead of @ + @clarin.eu)
- cn (common name) (= Drupal user name)
- mail (= Drupal email)
- o (organizationName) (= Drupal organisation)
- eduPersonScopedAffiliation which has the fixed value firstname.lastname@example.org
- eduPersonEntitlement, which can be:
I have a CLARIN Service Provider. How do I connect it to the CLARIN IdP?
Please follow the second section of the guide to creating and configuring a Shibboleth SP. If no problems occur it might nonetheless take a few hours before the SAML metadata about your SP has been taken in by the CLARIN IdP.
Is there a step-by-step guide about how to connect your SP to the CLARIN IdP, with example configuration files?
Yes, to some degree. The most general page is the guide to creating and configuring a Shibboleth SP. It contains references to other resources.