Fedarated Authentication and Authorization

The Identity Federation is a single information environment that unites participants on the basis of the Single Sign On technology infrastructure (SSO).

This technology assumes that the user is always authorized on the servers of his Home organization. Source records of users may serve different databases of the university: the database of users of domain controllers (databases, LDAP), the base administration of the university (personnel department, student accounting system), etc. In some cases, for the introduction of federal authorization in a university, they may need a thorough audit of the system for storing and processing user credentials, and then implementing software and hardware processing of credentials and protected personal data.

Federated authorization for the university menas:

  • Keeping records only in the home organization
  • Processing of personal data in accordance with FZ 152, 242 and others.
  • Controlling the use of information resources in the educational process and science
  • Optimization of university spending on subscription and maintenance of information resources
  • Positive dynamics of university rating indicators

Federated authorization for a user means:

  • A single set of credentials for authorization on all resources and services for study and research.
  • Mobility of education and science: access to all resources from anywhere connected to Internet
  • International exchange - access to resources of universities and educational networks around the world
Federation Operator, Federation's authoroties

In accordance with the rPolicy of the RUNNetAAI Identity Federation, the operator of the Identity Federation is the Federal State Autonomous Institution "State Research Institute of Information Technologies and Telecommunications" (FGAU GNIIT ITT "Informika").

The management of the RUNNetAAI Identity Federation is carried out by:

Anton V. Evseev, delegate

Vasiliy A. Porkhachev, deputy,  This email address is being protected from spambots. You need JavaScript enabled to view it. 

Ilya V. Vasiliev, deputy, +7(812) 670-2010 (#2209), This email address is being protected from spambots. You need JavaScript enabled to view it.


 RUNNetAAI Documents

How to enter the Identity Federation

According to the Policy of the Identity Federation participation is allowed for legal entities - educational organizations of higher education, scientific organizations and organizations of additional professional education - as a Home Organization, and also as a Service Provider, and for other organizations that carry out their activities in the interests of educational and scientific organizations is allowed only as a Service Provider. 

Federation provides its services only if the organization has accessed the Policy.

The procedure for Accession the Policy.

  1. An organization wishing to access the Policy shall fill out an Application for accession to the Policy of the Identity Federation, indicating in what role (with what role of the Participant) it joins the Policy.
  2. The candidate organization at its own expense and on its own computer resources deploys free software (Software) in accordance with the requirements of the Technological Profile(s) (Appendix No. 2 to the Policy) in accordance with the role of the Participant specified in the Application for Joining.
  3. After the launch of the software, the Candidate Organization undergoes the procedure for verifying the correct operation of the software on the part of the Operator with the elimination of errors identified by the Operator.
  4. After undergoing the software verification procedure, the Candidate Organization signs the Terms of Service, this Policy and the implemented Technological Profile(s).
federation's metadata

 RUNNetAAI Metadata distribution service

RUNNet AAI production Metadata
SHA1 fingerprint:      D7:66:FF:4F:3A:AF:2C:A0:E8:DB:5B:38:83:86:0D:20:6E:9F:F6:F7
SHA256 fingerprint:    E1:F4:DB:74:0A:9B:1A:A2:86:22:22:97:E6:13:A9:A4:5D:5D:5A:DA:5D:B7:50:5E:AF:1D:9D:35:4D:C4:2C:BD
MD5 fingerprint:       32:3C:AC:CA:D4:B0:9A:12:8F:A8:EA:97:04:01:16:FE

RUNNetAAI Identity Federation's metadata