The University of Helsinki is the largest university in Finland, with 35,000 degree students and some 8,000 employees. The university has placed in the top 100 of numerous global studies comparing universities. In 2013, the university launched the IAM project with the primary aim of rebuilding the system for identity management.
Identity and access management is particularly difficult in the university environment because many users have two or more roles. For instance, many students who are close to graduating are also employed by their university departments. In the academic world, many employees have temporary contracts or their work is funded through grants. Because of these factors, it is important that the life-cycle management of identities is not made too aggressive and the links between identities and organisational units are kept flexible.
Finnish universities have a well-developed identity federation, HAKA, which is based on Shibboleth/SAML2 technology. The federation sets some preconditions for the implementation of identity management concerning both the technology and the processes used. These include identifying the users reliably when creating the user account or handing it over to the user.
When the University of Helsinki started rebuilding its IdM system, the starting point was to check whether any open source products exist that could be used as the basis of the system. We knew that it was unlikely that even any commercial solutions would be directly ready to meet our requirements, so we were prepared for extensive customisation in any case. In addition, we had decided that the system should be largely implemented at the university. This would allow it to respond quickly to the constantly changing requirements during the maintenance phase.
Of all the open source systems available, we selected the Apache Syncope, as it met our requirements in the POC evaluation. As the home university of the developer of the Linux system, we have no doubts concerning the use of open source solutions.
We have had a few years to get to know Apache Syncope and have gained some in-depth knowledge of its use. For this, the support provided by Tirasa has been a vital aid. We have received help in the form of, for instance, code examples providing a preview of the implementation, as well as solutions to configuration problems and quick fixes to any errors we have discovered.
How to configure Apache Syncope to send notification e-mails
Apache Syncope already provides powerful, tunable attribute validators, enforced by the Core back-end: what about customizing front-end validation?
We put the latest Apache Syncope and PostgreSQL on the bench to try and push to the limit: here are the results
Tirasa joins Maggioli, Metron and University of L'Aquila to shepherd the Italian Public Administration towards Cloud services
PlainID and Tirasa announced the release of a PlainID Dynamic Authorization integrate solution, to enhance its Authorization management capabilities
AULSS 6 Euganea of Padua makes standard-based Open Source user management and IT authorization