Skip to Main Content
Over the past years Web applications increased in number and complexity (driven by ldquoWeb 2.0rdquo paradigm). Users need to manage different passwords to authenticate at these applications. Modern Web-based single sign-on solutions that reduce the complexity for usage and management of the userspsila credentials can be categorized in federated (typically SAML) or user-centric identity management (e.g., OpenID). On the one hand federated identity management is secure and most prevalent (especially in scientific communities). On the other hand user-centric approaches offer better usability and maintainability. While establishing federated identities for the Max Planck Society using the SAML-based Shibboleth system several extensions have been made to support the integration in different federations and allowing various authentication mechanisms being used by the 80 autonomous institutes. This paper describes the extensions by introducing an ldquoIdP Proxyrdquo that combines advantages of both federated and user-centric identity management functions.