Integration with LS-Login

LS Login is a service that provides authentication and authorization for other services within Life Science. LS-Login end-users have a single login for using the connected services. LS Login lets users authenticate using an existing account at third parties (e.g. university, Switch edu-ID account, research institute or a commercial identity provider) and link it to an LS ID.

Switch edu-ID users can create an LS-Login ID (via eduGAIN interfederation) and subsequently use their edu-ID credentials to access to services that are accessible through LS-Login.

For services in the Switch edu-ID Federation there are multiple configuration options to make the service accessible to users from the Switch edu-ID Federation and the LS-Login community.

Integration Approaches

A) Two Login Buttons

Approach: Add two login buttons on service's login page, one for Switch edu-ID and one for LS-Login.

This can be useful if the service is open for LS users but is heavily used by, e.g. users of the service's home organization. For services in the edu-ID federation, this might be the best solution - because the service is provided by a Swiss organization. It makes sense to remove obstacles by offering the country's primary solution and then additional solutions (like LifeScience). LS will be used mostly by people outside Switzerland (if allowed) or some life science researchers used to LS login.

B) One Switch edu-ID Login Button - LS-Login via eduGAIN

Approach: Add just one edu-ID login button on service's login page, and configure the service to allow access via eduGAIN interfederation.

This is possible but might not work in all cases. Problems can arise for users of organizations that are not (yet) eduGAIN-enabled. Fortunately, are only few such cases in the Switch edu-ID federation.

C) One LS-Login Button - edu-ID Login via eduGAIN

Approach: Add just one LS-Login button on service's login page, and instruct edu-ID users to create an LS login ID based on their edu-ID account via eduGAIN interfederation.

This is the straightforward solution for services that need an LS-Login anyway or if the service has a primarily international scope or audience. The system will recognize if the email address is associated with the user or if it is a first-time access. The only requirement is a membership with an eduGAIN-enabled organization, release of attributes and persistent identifier by the Identity Provider of that organization. These requirements are met by all Swiss universities that are edu-ID enabled.