The Helmholtz AAI service is an Identity and Authorisation Management (IAM) system which arbitrates authenticated access to registered services in the context of the Helmholtz Association. The role of the Helmholtz AAI service is to allow these services to make authentication and authorisation decisions, and to perform any other processing required, when the end user accesses these services. When connecting to a Helmholtz service that requires a login (possibly with further attributes), the access request is redirected to the Helmholtz AAI instance (https://login.helmholtz-data-federation.de/home/home) and the user can then log in using his/her primary credential.
Helmholtz AAI may use and store the attributes provided by the IdP. The Helmholtz AAI Service Provider makes sure that the end user’s attributes are only forwarded to lower-level Service Providers which the end user wants to access.