Service Registration Procedure

OpenID Connect (OIDC)

For OIDC service registration is different per Community AAI solution of your NFDI Consortium.

Unity

Unity offers a self-service registration at https://login.helmholtz.de/oauthhome. A quick walkthrough is given here.

---

AcademicID, didmos, RegAPP, Infrastruture Proxy

These services require manual registration via email. Please collect these information and email them to the OP to which you want to be connected.

Find email addresses and OP-Urls below.

Mandatory
    - Client ID: <the client_id chosen by the requester>
    - Client Secret: <client secret is often set by the OP>
    - Client Name: <Human readable client name>
    - Client URL: <website of the service, that users are suppoosed to visit>
    - Redirect URIs: <a list of redirect URIs>
      - https://ssh-oidc-web.data.kit.edu/auth/callback/nfdi-infra
      - https://ssh-oidc-web.data.kit.edu:8443/auth/callback/nfdi-infra
    - Data Privacy Statement: <A link to the service's PP> (DPS / PPPD)
    - In case of Infrastructure Proxy AVV (Data Processing Agreement with DFN, once per Organisation)
    - Contact data (email addresses, if possible a mailinglist):
        - Service Admin
        - Service Security Contact
        - Site Security Contact
        - Helpdesk Contact

Optional (if in doubt: leave it out)
    - Scopes: <a list of scopes required by the client>
    - Offline Access Needed (i.e. Refresh Tokens): Yes / No
    - Logo Url: <link or file to a logo of the service>
    - Post Logout Redirect URI(s)
    - PKCE Supported: <bool>
    - PKCE Type: <Algorithm>
    - Grant Types: 
        - authorization code
        - device code
        - client credentials
        - token-exchange
    - Token Endpoint Authorization Method: [basic | post]
    - Client Needs token introspection: Yes / No
    - Specific Lifetime Requirements:
        - RT Lifetime
        - AT Lifetime
        - IDT Lifetime
    - Resource Indicators (RFC8707)
    - Free Form Text Entry field "Additional Information"

CAAI Registration Contacts

Please send the above information to.

AcademicID

• Service Registration Email:
• OP Endpoint: https://keycloak.sso.gwdg.de/auth/realms/academiccloud (well-known/openid-configuration)

didmos

• Service Registration Email: nfdi-support@daasi.de
• OP Endpoint: https://auth.didmos.nfdi-aai.de (well-known/openid-configuration)

RegApp

• Documentation: https://www.scc.kit.edu/dienste/regapp.php
• Service Registration Email: fels@scc.kit.edu
• OP Endpoint: https://regapp.nfdi-aai.de/oidc/realms/nfdi (well-known/openid-configuration)

Unity

• Documentation: https://hifis.net/doc/helmholtz-aai/howto-services
• Service Registration: Please visit this webpage: https://login.helmholtz.de/oauthhome
• OP Endpoint: https://login.helmholtz.de/oauth2 (well-known/openid-configuration)

NFDI Infrastructure Proxy

• Service Registration Email: hotline@aai.dfn.de
• OP Endpoint: https://infraproxy.nfdi-aai.dfn.de (well-known/openid-configuration)

Security Assertion Markup Language (SAML)

Please refer to the IAM4NFDI Service Onboarding Handbook.

Last change: Dec 04, 2025 14:26:28