The Edugate federation is comprised of public and private Irish Higher Education Institutions and Research Organisations that have agreed upon a standard procedure for exchanging information about users and resources to enable access and use of those resources and services. The Edugate federation is a service operated by HEAnet in co-operation with HEAnet member institutions.
Why use EduGate?
If you offer a web site that requires users to register for a username and password, the rate of attrition can be as high as 50% during registration and a further 50% when the user forgets that password.
If you offer a website that authenticates users against an institution's LDAP or Active Directory, you will have to meet a higher security burden since you are handling the user's institutional username/password, and you'll have to account for the institution's firewall rules during initial setup and in the longer term. You'll also have to adapt to each institution's directory schema. Edugate provides a standard schema without the need to negotiate firewalls or synchronise users.
Eliminate the bulk sharing of campus user details with other campus departments by offering an authentication service that is highly secure and only shares the necessary amount of user data for the minimum set of users. Reduce multiple user credentials by securely leveraging the campus directory for services, whether on the campus network or in the cloud. Improve the productivity of campus users by eliminating multiple account provisioning processes and leveraging the single-sign-on capability of Edugate.
A 2010 OCLC survey showed that less than 1% of students start their search at the library website, preferring internet search engines instead. Edugate helps connect the other 99% of students and staff with resources where the library has already paid for access, for example:
- researchers who follow a link/DOI in a journal article to content protected by a publisher.
- publishers that offer personalised services such as saved searches, alerts, favourite articles or reference tools (e.g. RefWorks/EndNote Web).
- digital content such as e-Books, audio, video, and HTTPS content that is best delivered direct to the user's browser rather than through a library proxy.
Student Unions, Clubs & Societies
Restrict access to your student union, club or society web-site to valid campus users without needing the campus IT department to provide you with access to the entire campus user database.
Collaborative & Shared services
Edugate provides a single access mechanism that will enable access to online resources supporting alliances, research collaboration, consortia and the establishment of shared services without issuing another username & password to users.
Edugate provides the only online mechanism to validate that an Irish 3rd Level student is in fact a student.
Join the current members of the Edugate federation by completing the Edugate Agreement below:
- HEAnet member institutions that wish to join should complete the Edugate Agreement below and return it to the address below.
- Private and Public Sector Higher Education Institutions that are not members of HEAnet should complete the Edugate Agreement below and state in their application how the institution's participation in Edugate will be of benefit to Edugate and its membership (the institution's application will then be considered by the Edugate Governance Committee).
- Organisations who provide online services that are of benefit to the education and research needs of the members of the Higher Education sector should complete the Edugate Agreement.
- Organisations who have been contracted to deliver online services to any member Higher Education Institution are also eligible to join and should also complete the Edugate Agreement and state the Institution that has contracted the service.
Agreements should be posted to:
Edugate Operator
5 Georges Dock
Irish Financial Services Centre
How EduGate Works
Edugate is an implementation of a SAML multiparty federation: a SAML service provider (typically a web site) and a SAML identity provider agree a basis of trust between them, and this trust is partly established by HEAnet, the operator of Edugate. The identity provider authenticates its users' credentials and then provides basic user details to service providers. The service provider then decides what level of access the visitor is entitled to based on the user's details.
The diagram and accompanying steps outlined below explain the flow of events that enable federated access.
A. The user opens his/her browser and requests the Service Provider's (SP) website. When the website loads, the user clicks a ‘Login’ link.
B. The SP presents the user with a Discovery or WAYF (Where Are You From) page. This may be the service provider's own web-site or the Edugate shared WAYF website, and it displays a list of participating Edugate Identity Providers (institutions) in the user's browser. The user selects his/her institution from the list.
C. The WAYF/Discovery redirects the user back to the SP, including details of the user's selected institution.
D. Since the SP now knows where the user is from, it redirects the user to the user's institutional identity provider (IdP) website, where the IdP will prompt for the user's institutional credentials (only if the user does not already have a web-session at the IdP). The user enters his/her credentials, which are checked against the institutional user repository (step 6 in the diagram above).
E. If the credentials are verified, the IdP will fetch user data from the institution's user repository and redirect the browser back to the SP's website, supplying an encrypted message that contains the user data**.
All subsequent requests by the user are handled by the service provider.
*The data may vary from an opaque identifier known only to the IdP and SP to the full set of data as described in the Edugate Technical Specification (incl. name, email, affiliation etc).
**The user may be prompted for consent by the IdP before the data is sent to the SP, in which case the user's consent will be recorded in a database.
NOTE: Steps 1-4 can be skipped by the SP in any of the following cases:
a) the SP web-site is used by only one institution, in which case the SP can redirect users back to that institution's IdP.
b) the SP uses some other means to determine where the user is from, e.g. IP address range, cookie.
c) the SP has a ‘WAYFless URL’ that can be customised for each institution's IdP.
d) the SP is able to respond to IdP initiated SSO.
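The hand-off in steps C and D, sketched from the SP's side as an added example (not Edugate or HEAnet code). It assumes the WAYF returns the chosen institution in an `entityID` query parameter, as the SAML Identity Provider Discovery Service Protocol does by default, and that the SP sends its request with the SAML HTTP-Redirect binding; all entity IDs and URLs are constructed placeholders.

```python
import base64
import datetime
import uuid
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for the IdP entries an SP loads from signed federation metadata:
# entityID -> that IdP's single sign-on endpoint.
TRUSTED_IDPS = {
    "https://idp.college-a.example/idp": "https://idp.college-a.example/sso/redirect",
    "https://idp.college-b.example/idp": "https://idp.college-b.example/sso/redirect",
}
SP_ENTITY_ID = "https://sp.example.org/saml"    # hypothetical SP identifier
SP_ACS_URL = "https://sp.example.org/saml/acs"  # hypothetical URL that receives step E


def idp_redirect_from_discovery(return_url: str, relay_state: str) -> str:
    """Step C in, step D out: map the WAYF's answer to a redirect to the chosen IdP."""
    entity_id = parse_qs(urlparse(return_url).query).get("entityID", [""])[0]
    sso_url = TRUSTED_IDPS.get(entity_id)
    if sso_url is None:
        # entityID arrives via the browser, so it is untrusted input: only send
        # users to IdPs the federation metadata vouches for.
        raise ValueError(f"unknown identity provider: {entity_id!r}")
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{now}" '
        f'Destination="{sso_url}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding.
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(authn_request.encode()) + deflater.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "RelayState": relay_state,  # opaque token the SP generated for this login
    })
    return f"{sso_url}?{query}"
```

Cases a) to c) of the note above reduce to calling the same routine with an `entityID` the SP determined itself instead of one returned by the WAYF.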
The Irish instance of a worldwide initiative
Edugate is similar to Research and Education federations in other countries around the world (see www.refeds.org). An opt-in mechanism is provided to Edugate members to participate in the eduGAIN confederation. Participation will apply the benefits of Edugate membership to a much wider range of academic services and allow Edugate services to authorise access to international academic users. For further details visit https://edugate.heanet.ie/rr3/p/page/eduGAIN or contact firstname.lastname@example.org if you wish to opt into eduGAIN.