How to Work with a SWITCHaai Account
B-Fabric has its own user management scheme including authorization and authentication. This requires that scientists (referred as users of B-Fabric) must register and create a B-Fabric account before using B-Fabric. In order to facilitate collaboration among users, B-Fabric uses a dual login mechanism which also allows users log into B-Fabric with their Switch AAI/Shibboleth accounts as well as with their B-Fabric accounts.B-Fabric Login Process
Below figure illustrates how the login process will be performed with B- Fabric. Each B-Fabric user has two options to log into B-Fabric.If a user has his own B-Fabric account already, he may choose to login with it as the first option. Once he logs in, he will be authorized with the privileges of that user.
The second option is to use a Shibboleth account. Here we must note that, the complete list of institutions from which a user can log in via Shibboleth accounts have not been determined yet. We, at the moment, foreseen only Swiss educational institutions are the allowed identity providers. If Shibboleth login is granted, the login process continues with further steps.
Also note that, according to the current data access policies of FGCZ, guest access to data is not possible at the moment.
In order to login to B-Fabric via Shibboleth, click on the "SwitchAAI Login" button.
Then, you will be forwarded to the "Where Are You From" (WAYF) service (also referred as "Discovery Service (DS)"), where you can select your home organization and get redirected to the selected Identity Provider (WAYF).
Once you are redirected to your home organization's validation page, please enter your username and login. After you have yourself logged in, you will be redirected to B-Fabric home page.
Shibboleth User is Known Already
If this user has used B-Fabric before and also logged in by using his Shibboleth account, it is likely that his Shibboleth account has been mapped to his local B-Fabric account already. If this is the case, the user is granted with the privileges of the mapped user.No Mapping Exists Yet
If no mapping exists between the Shibboleth account and any of the local B-Fabric accounts, B-Fabric checks if there is any candidate account in its database which can be mapped to the user’s Shibboleth account. Candidates are searched through e-mail addresses.If a candidate is found, it is mapped to the current Shibboleth account and the login is performed over that account.
If no candidate is found, there are two options: 1) associate and existing B-Fabric account with your Shibboleth account or 2) create a new B-Fabric account.
If you choose to create a new B-Fabric account option, "Register User" screen will be populated with the attributes available in your Shibboleth account. As it is seen in the figure below, first name, last name and the e-mail information regarding the current user come from the Shibboleth database. Mandatory yet empty fields must be filled the user. Once the user is created, it is automatically associated the current Shibboleth user.
If you choose to associate an existing B-Fabric user with your Shibboleth account instead of creating a new one, you must enter your B-Fabric username and password and then click on the "Associate Account" button.
Once you map a Shibboleth account to your B-Fabric account, if you go to the details page of your B-Fabric Account, you can see your Shibboleth Id on the screen. You can reset your Shibboleth Id by clicking on the "Reset Shibboleth Id" button if you like. For security reasons, Shibboleth Ids are reset periodically