As a user, I want to use my existing AAI login for Opencast, too


While Opencast has been supporting Shibboleth for years, its use with Opencast required Adopters to come up with an implementation of the ShibbolethLoginHandler interface.

With other words: So far, taking advantage of Shibboleth-based authentication systems required additional efforts from Adopters.

SWITCH has gone the extra mile and has - based on the SWITCHaai-specific login handler - built a configurable AAI login handler that focuses on a minimal set of Shibboleth attributes that are both sufficient for use with Opencast and should be available in any Shibboleth federation.
Note that the Authentication and Authorization Infrastructure (AAI) is a Shibboleth-based federated identity management infrastructure supported by many higher education institutions worldwide. Since I'm not very knowledgable considering Shibboleth/AAI, expect me to mix up those terms wildly

This pull request aims at making Opencast support AAI right out-of-the-box.

What benefits can Opencast Shibboleth authentication provide?

The benefit that can be achieved by the use of Shibboleth authentication goes to the users: Users can use their existing Single-Sign-On login of their Shibboleth federation instead of requiring yet another login for Opencast.

Shibboleth Federations

AAI logins can be used within (and also across) so-called Shibboleth Identity Federations. Those are established in means of higher education institutions implementing a so-called Shibboleth Identity Provider (IdP) and therefore making parts of their local user information available to larger circle, a Shibboleth federation.
This enables students and staff of higher education institutions to use a single login to access Shibboleth-enabled services (Shibboleth Service Providers) to access web resources within the federation - not just their local campus.
Shibboleth federations typically match geographical borders, e.g. in Switzerland there is the SWITCHaai Federation, in Germany it is the DFNaai Federation, etc. In the context of research and education, Shibboleth federations are typically managed by NRENs (National Research and Education Networks), e.g. SWITCH is the NREN of Switzerland.

An informal list of Shibboleth Federations (based on voluntary registration) can be found on:

Inter-Federation Interoperability

It is also possible to use AAI logins across Shibboleth federations. This requires your NREN and your institution to participate eduGain, however.
To see whether your NREN supports eduGain, please consult

Fixed and reviewed


Sven Stauber


Sven Stauber

Tags (folksonomy)



Fix versions

Affects versions