A Proxy & Identity Hub
The Proxy is an SP-IdP Proxy. It can connect SAML Identity Providers, OIDC Providers, SAML Service Providers and OIDC Resource Providers, thus enabling teams to use their preferred identity sources and services regardless of the authentication protocol. The Proxy is responsible for aggregating the user attributes from various identity sources, enforcing community and platform-wide policies, and providing one persistent user identifier and a harmonised set of attributes to the connected services. For this, SATOSA ("A configurable proxy for translating between different authentication protocols such as SAML2, OpenID Connect and OAuth2") is used in the current phase to technically connect services so that authentication requests can be managed. SUNET has been instrumental in the development of SATOSA.
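The following Python example is added here for illustration and is not SATOSA's or the platform's own code. It shows one way a proxy can harmonise SAML and OIDC attributes into a single internal set and derive one persistent identifier per user. The attribute map, the HMAC-based derivation, the key, the scope `proxy.example.org` and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed map: internal attribute name -> names used by each protocol.
ATTRIBUTE_MAP = {
    "mail": {"saml": ["urn:oid:0.9.2342.19200300.100.1.3", "mail"], "oidc": ["email"]},
    "displayname": {"saml": ["urn:oid:2.16.840.1.113730.3.1.241", "displayName"], "oidc": ["name"]},
    "affiliation": {"saml": ["urn:oid:1.3.6.1.4.1.5923.1.1.1.9"], "oidc": ["eduperson_scoped_affiliation"]},
}
SECRET = b"constructed-demo-key"  # constructed; a deployment would load this from a secret store

def harmonise(protocol, raw):
    """Translate protocol-specific attributes to internal names; unmapped ones are dropped."""
    out = {}
    for internal, sources in ATTRIBUTE_MAP.items():
        for name in sources.get(protocol, []):
            if name in raw:
                value = raw[name]
                # Services always receive multi-valued attributes, whatever the source sent.
                out[internal] = list(value) if isinstance(value, (list, tuple)) else [value]
                break
    return out

def persistent_id(secret, issuer, subject, scope="proxy.example.org"):
    """Derive a stable opaque identifier from the (issuer, subject) pair, not from mail."""
    if not issuer or not subject:
        raise ValueError("issuer and subject are both required")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot produce the same input.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in (issuer, subject))
    return hmac.new(secret, msg, hashlib.sha256).hexdigest() + "@" + scope

def process(protocol, login):
    """Build what a connected service would receive for one login."""
    attrs = harmonise(protocol, login["attrs"])
    attrs["uid"] = [persistent_id(SECRET, login["issuer"], login["subject"])]
    return attrs

# Constructed logins: same subject value and mail, asserted by two different sources.
SAML_LOGIN = {"issuer": "https://idp.example.edu/idp", "subject": "abc123",
              "attrs": {"urn:oid:0.9.2342.19200300.100.1.3": ["alice@example.edu"],
                        "urn:oid:2.5.4.4": ["Smith"]}}
OIDC_LOGIN = {"issuer": "https://op.example.com", "subject": "abc123",
              "attrs": {"email": "alice@example.edu", "name": "Alice"}}

if __name__ == "__main__":
    print(process("saml", SAML_LOGIN))
    print(process("oidc", OIDC_LOGIN))
```

Because the identifier is keyed on issuer and subject, two sources asserting the same mail address or the same subject value still map to different users unless the proxy links them explicitly.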
A Metadata Service (MDS)
The Metadata Service aggregates the metadata of all the SAML Identity and Service Providers that are connected to the platform. It does so by aggregating the metadata feed of eduGAIN, while also allowing the platform administrators to configure other local or remote metadata sources. The MDS is an essential component of the platform, directly connected to the eduTEAMS Proxy. For this we currently use pyFF, the Python Federation Feeder. pyFF also provides the WAYF. NORDUnet has been instrumental in the development of pyFF.