Login process

The following picture displays the sequence of steps performed when a user accesses a service connected to the ProxyIdP.

  1. User navigates to the webpage of the service he/she wants to use.

  2. The service will require the user to log in. The login is initiated by the user clicking the login button, or it happens automatically.

  3. The login request is sent from the service to the ProxyIdP. It redirects the user to the page where he/she can select the external account associated with the AAI account.

  4. The user lands on the Discovery Service. This page lets the user select the account with which he/she wants to log in.

  5. After selecting the entity, the user is redirected to the page of the selected entity (i.e. organization website). The user enters his/her personal credentials and performs the login.

  6. User has now successfully authenticated at the selected entity. This login results in a set of attributes (i.e. Name and email) associated with the user being transferred to the ProxyIdP.

  7. At this point, the IAM (identity and access management) system, Perun, provides additional information (i.e. preferred language) associated with the user.

  8. The ProxyIdP transfers all the attributes the service has requested back to it. The service recognizes the user as logged in. The user can now use the service.
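
The attribute handling in steps 6 to 8, sketched as an added Python example (not code from the ProxyIdP or Perun). The function names, attribute names and sample values are constructed, and the rule that Perun only adds attributes without overwriting those asserted by the selected entity is an assumption.

```python
# Added illustration of steps 6-8; not the ProxyIdP's or Perun's own code.
# All names and sample values below are constructed for this example.


def aggregate_attributes(idp_attrs, perun_attrs):
    """Steps 6-7: combine the attributes asserted by the selected entity with
    the additional ones supplied by Perun.

    Assumption: Perun only adds attributes; it never overwrites a value that
    the selected entity already asserted.
    """
    merged = dict(idp_attrs)
    for name, value in perun_attrs.items():
        merged.setdefault(name, value)
    return merged


def release_to_service(merged, requested):
    """Step 8: release only the attributes the service requested.

    Returns (released, missing): the attributes handed to the service and the
    requested attribute names for which no value was available.
    """
    released = {name: merged[name] for name in requested if name in merged}
    missing = [name for name in requested if name not in merged]
    return released, missing


# Constructed sample data.
IDP_ATTRS = {"name": "Jane Doe", "email": "jane@example.org", "affiliation": "staff"}
PERUN_ATTRS = {"preferredLanguage": "en", "email": "other@example.org"}
SERVICE_REQUESTED = ["name", "email", "preferredLanguage", "phone"]


def demo():
    merged = aggregate_attributes(IDP_ATTRS, PERUN_ATTRS)
    return release_to_service(merged, SERVICE_REQUESTED)


if __name__ == "__main__":
    released, missing = demo()
    print("released to service:", released)
    print("requested but not available:", missing)
```

The `affiliation` attribute is known to the proxy but is not released, because the service did not request it.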

Support: perun@cesnet.cz