Comments and Answers
Source: Freepik
Some of you participated in the satisfaction survey and gave us a few suggestions.
Many thanks for that!
We gladly take up your points and explain to you:
- what can you do in case of possible problems,
- which things unfortunately cannot be changed at the moment,
- and above all: which problems will soon be solved by new services.
Stay Logged in for 24 Hours
Many users have expressed the wish to remain logged in to RWTHmoodle or RWTHonline for at least 24 hours. Since these two servoces are authenticated via RWTH Single Sign-On (RWTH SSO), this is not possible.
An Identity Provider (IdP) SSO session, that is the duration of an “application session”, is approximately limited to 14 hours. This ensures that you do not have to log in again during a normal working day. This time window represents a compromise between user-friendliness and security requirements.
In addition to the duration of the SSO session, the internal session of the services, such as RWTHonline or RWTHmoodle, also determines when you have to log in again. Moodle ends the session after 4 hours of inactivity or after 14 hours at the latest. There are currently no plans to change the SSO session duration of the identity provider.
Coupon Codes and Their Pitfalls
In many inquiries from customers, there are reports of coupons that do not work. This can happen, for example, if an attempt is made to redeem the coupon immediately after receipt. You can receive a coupon from different systems – for example from RWTHonline or the HR system of the personnel department. They are issued to grant people certain functions or authorizations, which in turn are stored in your virtual identity, in IdM.
This information is then transferred by IdM to other systems, such as RWTHonline.
The reason for the error message is that data between the large systems such as RWTHonline and the HR system is only synchronized once a night. This means that coupons from these systems can only be redeemed afterwards. You as the user will then receive the message: “Coupon not redeemable or not yet known”. For this reason, the e-mail of the coupon code usually includes the date from which it can be redeemed.
We are already aware of this problem and are working on a solution that will allow coupons to be redeemed regardless of the synchronization time.
Less Would Be More
“It would be very nice if I didn’t need so many different username and password combinations,” one user wrote to us.
Source: Own illustration
Many services authenticate users via RWTH Single Sign-On. Unfortunately, this is not technically possible for all services.
Therefore, there are other accounts for some services.
In case of a registration, the IdM generates a username (ab123456). This username is used for all services that are connected to the Identity Management. For email accounts, for example, there is an exception. Here you have to add a domain to distinguish between the mail account of the RWTH domain (ab123456@rwth-aachen.de) and the domain of the institute (ab123456@itc.rwth-aachen.de).
A True Classic
“I can’t save the login to the selfservice as a bookmark”.
Source: Own illustration
Yes, you can’t save the login page from RWTH Single Sign-On (SSO), because you have to visit the service first, which in turn redirects you to the common, central login page.
But, this is not a must! Just save the link to the IdM.(*)
This is due to the nature of SSO: the identity provider you authenticate to must first know for which service provider you want to log in. So if you want to log in to Selfservice, you will be first redirected to the IdP’s login page, where you will log in to SSO with your identification. After successful login you will be sent to the Selfservice.
This principle is also used for other RWTH services.
However, if you have already verified your login data in the IdP, you do not have to enter your data again for the next service. The login will then take place automatically.
Since this all works in the background through the browser, you will not notice anything.
Everything Comes to an End
The interaction of the aging CAMPUS persons directory with the IdM is a bit cumbersome. For a while now, all new employees registered in CAMPUS have been linked to their identity in IdM in order to link as many data records as possible and facilitate the upcoming migration.
This is currently done manually by a few colleagues at the IT Center. However, manual entries can lead to typing errors or sometimes the hands are not available.
We would like to take this opportunity to thank these patient colleagues!
Source: Own illustration
Though this linking step is no longer necessary, with RWTHcontacts as the successor service for the CAMPUS persons directory.
This is because persons must first be registered in IdM and then automatically appear in an overview with the administrators of the organizational units. This allows them to be linked to the organizational unit. The organization directory of the new service RWTHcontacts is already available online.
We hope we were able to provide some clarification with this.
You still have questions or suggestions? Feel free to leave a comment!
Responsible for the content of this article is Thorsten Kurth.
