We are upgrading this site on Friday 5 March commencing at 17:00 UTC and running until 20:00 UTC. During the maintenance window there will be several reboots and service interruptions so we strongly recommend that you don’t attempt to use the site during the maintenance window.
Skip to end of metadata
Go to start of metadata


WaTTS is a token translation service. Its purposeful design is to facilitate usage and integration of services that consume various credentials. Examples are services requiring SSH keys or services requiring the use of X.509 certificates. For this, WaTTS can be accessed using federated identities (via OpenID Connect) and uses a plugin scheme to generate necessary credentials for the desired service. For source of federated identities that do not use OIDC, it is recommend to integrate WaTTS with one of the existing SP-IdP-Proxy solutions, as WaTTS on its own does not support SAML. This allows users to access services that support only non-federated authentication mechanisms using their federated identities. Relying Services can subscribe to the credential translation service of the Life Science AAI provided by WaTTS, allowing the users to obtain X.509 certificates based on their Life Science IDs. Via WaTTS, after obtaining a certificate from RCauth.eu online CA, the credential is stored as a proxy certificate in a trusted credential store, and subsequently provided to the user. User can also upload its SSH public key, with which the user can then obtain the proxy certificate via command line. Additional plugins are also present to support other services.

WaTTS is developed by KIT with funding from INDIGO, and for LS AAI pilot is operated as a service from EUDAT and KIT.

User Guide

At the following link is available a complete guide related to WaTTS.


Code Guide

A complete guide related to WaTTS codes and function is available at the following link:



The service has been extended with two plugins, to allow the of OIDC login to access services via ssh and RCauth.

Those two plugins are the results of two separate AARC1 pilots. Both are well documented and described at the following links:

WaTTS SSH plugin: WaTTS SSH plugin - SSH access using OIDC login

WaTTS RCauth plugin: WaTTS RCauth plugin - Obtaining IOTA proxy certificates with OIDC

  • No labels