Since January 26, 2022 the NHR@KIT resources are fully integrated with Helmholtz AAI. You can now register with the account provided by your home institution and even with accounts from Github, Google etc.
All existing accounts keep working. If you have been using a guest account provided by KIT, please continue to do so. There is no need to change to a different account, and there will be no assistance with moving your data.
Access to all NHR@KIT services is governed by a single, federated Identity Management platform, the Federated Login System (FeLS). FeLS allows you to log in with existing accounts from many different (mostly academic) institutions worldwide, including Google and GitHub. There is usually no need to apply for a new, additional guest account from NHR@KIT, but if you have already been assigned one from an existing project you can continue to use it.
All users have to complete the following steps for each individual NHR@KIT service they want to use.
Log into FeLS and look up your account identifier.
Get the entitlement that enables the registration for a specific service.
Set up two-factor authentication (if not already enabled).
Register for the service on FeLS.
After these steps have been completed, services can be accessed either by logging in or by using an alternative access method like Jupyter.
Step 1: FeLS login and account identifier lookup¶
FeLS is a federated Identity Management platform that integrates with many academic institutions across Germany and also supports logins via the Helmholtz Authentication and Authorization Infrastructure (Helmholtz AAI). This means users can usually log into FeLS with existing accounts from many different (mostly academic) institutions worldwide, plus accounts from some commercial entities like Google and GitHub.
Please make sure the account you are using to log into FeLS remains valid for at least as long as you are planning to use the NHR@KIT services. Neither the FeLS administrators nor the NHR@KIT HPC Operations Team can temporarily re-enable external accounts that are being declined by external identity providers!
When accessing https://fels.scc.kit.edu/, a list of Home Organizations will be shown. Select the one that corresponds to the account you are planning to use and then click on
FORTFAHREN. If your Home Organization is not listed, select
Helmholtz AAI instead.
If you choose
Helmholtz AAI, you will be redirected to a second screen where you can choose from another list of Home Organisations. Once you have selected your home organization, either directly on FeLS or on Helmholtz AAI, you will be redirected to the login page of your Home Organization. Please ensure that everything looks okay, e.g. the HTTPS certificate is valid and the login page looks as always. Then log in with your account credentials.
After successful login at your Home Organization, you are redirected back to FeLS. If you are accessing FeLS for the first time, a summary screen with all the transmitted account data will be shown. Please check that the data is valid and then click on
For the next step, getting the entitlement for a service, you have to look up your account identifier. Choose
Übersicht from the menu at the top of the page, and then select
Personal Data /
Meine Daten. The field you are looking for is called
eduPersonPrincipalName. The account identifier in the following example image would be
Step 2: Service entitlement¶
Before you can use any of the NHR@KIT services, you have to get the permission to do so.
HoreKa: You have to be a member of an existing computing time project that is either in the Preliminary Phase or has been fully accepted. If this is the case, please fill out the HoreKa access form, have it signed and send it to firstname.lastname@example.org.
HAICORE: If you are a member of one of the institutions in the Helmholtz Association, there is no further entitlement needed and you can register yourself for the HAICORE@KIT service. Note that this is a seperate service and HoreKa resources are not available. Please refer to the Helmholtz AI website for more information.
Future Technologies Partition (FTP): You have to be a member of an existing HoreKa computing time project that is either in the Preliminary Phase or has been fully accepted. If this is the case, please contact the support channels to request access to the FTP.
bwUniCluster 2.0: Please refer to the documentation on the bwHPC Wiki.
Juypter: There is no separate registration for Juypter. Please have a look at the Juypter Logging In section for a list of entry points.
Step 3: Two-factor authentication¶
All NHR@KIT services are protected using two-factor authentication (2FA). In addition to setting a password, you also have to provide a One-Time Password at login time that is generated by a Software or Hardware Token device.
2FA has to be successfully set up before you can register for any NHR@KIT services on FeLS, so it is a good idea to do this immediately after Step 1 or while you are waiting for the entitlement requested in Step 2.
Please refer to the 2FA section for more information about One-Time Passwords, tokens and how to manage them.
Step 4: Service registration¶
After you have been issued an entitlement, the respective service will show up on FeLS and you can register for it.
On the FeLS home screen you can find a list of all services you currently have access to. Click on
Registrieren to start the registration process.
If the requirements for using the service are not met, e.g. because 2-factor authentication hasn't been set up yet, a corresponding message will be shown at the top of the page. In this case, please follow the instructions to solve the issue. If you have questions, please contact the support channels.
Set a service password and click on
Speichern. Please make sure you use a strong password that is different from any other password you are currently using or have used on other systems. You will also be asked to change the service password regularly.
After completing the last step, you can now log in or use an alternative access method like Jupyter to access the service you have registered for.