Piloted solutions

The AARC team has piloted existing AAI solutions to assess whether they meet the functional and technical integration requirements of research communities and e-infrastructures. Where possible, the components were improved with additional features as needed.

Our goal is to improve the usability and the visibility of useful AAI solutions and components. To do this, they are described according to a standard template that includes the aim of the pilot, the software sources used, a functional flow and where possible a live demo. (All links lead to the AARC wiki.)

Solutions to expand the reach of federated access

Libraries Consortium Proxies

The SP-IdP proxy architecture can be used by a library consortium to reduce the number of interactions between identity providers and service providers from both a technical and trust point of view, while preserving the privacy of users.

Linking persistent IDs

Leveraging COmanage allows researchers to link their ORCID identity to institutional accounts, and to write ORCID to LDAP for use in collaboration services.

Libraries EZproxy access mode switch pilot

EZproxy can act as a switch from IP based proxy to access non-federated resources to SAML SSO redirect proxy, to entitle users to federated online resources if they own SAML2-IDP provided credentials.

Libraries walk-in-user pilot

Provide access to library resources for users without federated identities via a kiosk.

External identity provider pilot

Support researchers who are not affiliated with traditional home organisations, as well as those whose identity providers are not part of any of the eduGAIN federations.

Testing technical and policy components


Manage group membership attributes or other attributes from multiple sources, which can be used in a federated environment to regulate access to BBMRI services.

Perun VOMS CILogon Pilot

Enable certificate-based access to Elixir and EGI services with VOMS and RCAuth.eu.

IGTF to eduGAIN proxy

Re-use existing issued certificates in order to access services published to eduGAIN.

RCAuth pilot

Enables access to X.509-based resources via federated login and without the need for users to understand the intricacies of a Public Key Infrastructure: RCAuth.eu

COmanage SSH pilot

Enable a researcher to enrol a collaborative organisation and to upload an SSH public key for access to non-web resources with COmanage.

WaTTS SSH-plugin

Manage credentials for services that do not natively support OpenID Connect by using the WaTTS token translation service.

WaTTS RCauth-plugin

Use OIDC to generate a session where an RCauth Certificate is stored in WaTTS.

LDAP Facade CLI pilot

Provide access to non-web resources via SAML and PAM with LDAPfacade.

Cross infrastructure pilots

EGI – EUDAT pilot

Allow end-users to transparently access EGI and EUDAT resources with an institutional account.


Enable automatic provisioning of accounts on EUDAT from PRACE.

Enabling federated access to third party services

Seafile with SAML federation pilot

Enable federated access and IdP selection to get access to the Seafile file sync and share service.

Collabora & NextCloud Demos

Explore federated access to the NextCloud web-based document management service and the Collabora Online office suite.