Why connect the institution to WAYF?
- The institution's students and employees will have access to a number of much requested external information services.
- The institution won't have to adapt the hook-up technology to the various information services - once the connection to WAYF is in place access to all the services that WAYF communicates with is granted automatically.
- Subscriptions for e.g. journal databases may become cheaper because the subscription can be limited to the users in the institution who actually need it.
How much does it cost?
It is free of charge to get connected to WAYF in the project's introductory phase.
How to get connected to WAYF
Through a connection to WAYF, your users get access to a number of external services using the existing login-instrastructure already in place.
Are your users in WAYF's target group?
In order to get connected to WAYF the institution you represent has to be part of the higher education and research communities in Denmark. The WAYF secretariat can assist you in deciding whether your institution is part of the target group. Which user data should be exchanged with WAYF? You need to find out whether your institution's user registry is able to provide the user information (attributes), that WAYF may transfer to the services. The institution should be able to provide the following information as a minimum:
- First name
- Last name
- Nickname
- User ID at the home organisation
- Email address
- The user's primary affiliation to the home organisation
- Institution ID
- Level of Assurance
Entering a formal agreement regarding connection
A formal agreement should be entered concerning the connection of the institution to WAYF. The contract below is to be filled in and sent to This e-mail address is being protected from spambots. You need JavaScript enabled to view it . If questions arise then give the secretariat a call or write us. Once the data processor agreement has been approved and signed by both parties and the technical tests have proven successful, then the production system will be updated with a connection to the new institution.
Local login service
When the login service is run locally, the users make use of the institution's own login page in order to log in to services via WAYF. At the institution this involves installing connection software that uses the standard SAML 2 (Security Assertion Markup Language version 2) for the integration with WAYF. Read about the various SAML 2-products below. Furthermore the institution's local user data needs to be converted to the attribute format used by WAYF. The advantage of the local model is that the user makes use of the institution's local well-known login page when logging in. At the same time user name and password stays in the institution's it environment. Products with SAML 2 (link for SAML product list)
Demands for user management
The institution needs to be in control of it's users before it can get connected to WAYF. This means that it sets up, maintains and deletes users on the basis of a well defined practice. The purpose is to secure the data quality so the service providers can trust the user information they receive via WAYF. Demands regarding user administration is described in the agreement between WAYF and the institution.
Which services will we gain access to?
As a starting point the institution's users gain access to all the services that are connected to WAYF. However it is up to the individual service to approve users on the basis of the received user information. Some services demand that a business agreement is entered regarding use and payment. This is an issue between the service and the individual institution and leaves out WAYF.
Self-service
At a later stage WAYF will grant acces to a self-service page where the institution will be able to see which services it has entered agreements with regarding the exchange of user information.
Requirements for certificates
The institution must hold a SSLcertificate that has been issued by a CA which has available and updated revocation lists accessible for download in order to perform automatic check of the certificate.