Reg-App – A federated Identity Management System

Introduction

RegApp is an open-source federated identity management system and authentication and authorization infrastructure (AAI) developed mainly at KIT. Through the currently installed solution, more than 38,000 registered users from different research institutions, including the Helmholtz Association and universities, can log in to services (incl. HPC systems), secured by Two Factor Authorisation (2FA). This highly customizable solution is available “as a service” and can also be deployed on premises.

Project Leader: Ulrich Weiß, NHR@KIT
Project Partners:

KIT: U. Weiß, M. Simon, M. Bonn
RWTH Aachen: T. Cramer, C. Terboven, A. Gündogan, T. Kurth
UPB: R. Schade, J. Simon, M. Wilkowsky
GWDG: R. Krimmel, S. Krull, S.-L. Wong

Participating NHR Centers:

NHR@KIT
NHR4CES@RWTH
PS2
GWDG

Software/Library Reg-App (Open Source)

Figure: RegApp architecture in the context of identity providers (IdP), service providers (SP), authentication and authorization infrastructures (AAI) and, in the future, communities or project groups.

Project description

The RegApp is an open-source federated identity management system and authentication and authorization infrastructure (AAI) developed mainly at the Scientific Computing Center (SCC) at KIT. Through the currently installed solution, more than 38,000 registered users from different research institutions, including the Helmholtz Association and universities, can log in to our services, secured by Two Factor Authorization (2FA). The users are able to use the account provided by their home institution.
To support organizations, universities, or other institutions for which the operation and maintenance of a RegApp installation is neither economically nor technically manageable, a software-as-a-service operating model is an option. Here, the RegApp would be operated as a privacy-compliant cloud service for external organizations, their identity providers, and their (HPC) applications at KIT. In addition, the desire for local installations and operation arose in the first project meetings. For this purpose, the RegApp installation can be deployed as a Docker container and operated in a decentralized manner. This is particularly helpful and simple for initial test instances.
With the RegApp AAI software, secure access to HPC resources can be ensured without patching existing access mechanisms or changing source code. Through appropriate configuration, SSH access can be protected with 2FA, and SSH-key-based access can also be granted.