If you cannot login via the CLARIN Identity Provider or you lost your password, please have a look at the help page. This page contains the technical details and is intended for infrastructure specialists.
How can I access a CLARIN service when my academic account does not belong to an identity federation that has ties with the Service Provider Federation?
To cope with this situation, we have created a CLARIN Identity Provider. It uses the credentials for the Drupal website https://user.clarin.eu/user and thus enables you to login to a service provider with your self-created username and password.
To test this:
- Go to https://catalog.clarin.eu/ds/ComponentRegistry
- Click on login (top right corner)
- Select the 'Clarin.eu website account'.
Does this have the same trust level as official IdPs?
No. The CLARIN IdP relies on the clarin.eu site administrator's judgement who decides about the activation of the Drupal accounts. In general, account requests from academic users (including students) that have a solid motivation are honoured. So if you have an that needs a higher degree of trust, do not connect it to the CLARIN IdP. That said, the current setup works well for applications such as the CLARIN component registry.
What are the technical details of IdP?
metadata about the CLARIN IdP can be found at: https://infra.clarin.eu/aai/prod_md_about_clarin_erics_idp.xml. Its entityID is 'https://idm.clarin.eu'. The Drupal user database (email address and password hash) is exported to a Shibboleth IdP.
What attributes does the CLARIN IdP release?
All of the attributes as requested by CLARIN SPs:
- eduPersonPrincipalName (= email address with _ instead of @ + @clarin.eu, e.g. email@example.com)
- cn (common name) (= full name, e.g. 'John Doe')
- mail (= email)
- o (organisationName) (e.g. Utrecht University)
- eduPersonScopedAffiliation which has the fixed value firstname.lastname@example.org
- eduPersonEntitlement, which can be:
- http://www.clarin.eu/entitlement/academic , meaning: user has academic mail (e.g. mpi.nl)
- http://www.clarin.eu/entitlement/none , meaning: user does not have academic mail (e.g. gmail.com)
I have a CLARIN Service Provider. How do I connect it to the CLARIN IdP?
Please follow the second section of the guide to creating and configuring a Shibboleth SP. If no problems occur it might nonetheless take a few hours before the SAML metadata about your SP has been taken in by the CLARIN IdP.
Is there a step-by-step guide about how to connect your SP to the CLARIN IdP, with example configuration files?
Yes, to some degree. The most general page is the guide to creating and configuring a Shibboleth SP. It contains references to other resources.