Presentation is loading. Please wait.

Presentation is loading. Please wait.

Michael Ghens Information Systems Specialist Santa Barbara City College.

Published byCrystal Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Michael Ghens Information Systems Specialist Santa Barbara City College."— Presentation transcript:

1 Michael Ghens Information Systems Specialist Santa Barbara City College

2 How do we allow Faculty, Staff and Students from another institution access Santa Barbara City College’s Wi-Fi with verification without creating local accounts. Both Santa Barbara City College and CSU Channel Islands have Shibboleth Identity Solutions and belong to the InCommon Federation

3 Both SBCC and CSUCI belong to Incommon Federation Which allows secure exchange of metadata The InCommon Federation is the U.S. education and research identity federation, providing a common framework for trusted shared management of access to on-line resources. Through InCommon, Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources.

4 On SBCC’s Side Aruba Wireless Infrastructure: Aruba Controller Active Directory Shibboleth LDAP XML

5 Metadata agreements with CSUCI What attributes to be provided (UID, SN, givenName,Mail). Create Shibbolized Captive Portal for Aruba Controller Set up embedded Shibboleth directory service Create Backend authentication logic Log user logins

6 Apache web server Shibboleth module PHP Embedded Directory Service Configuring Aruba for external authentication (XML add_user after user verification)

7 Used Syslog to capture success/failure Centralized Syslog server Graylog2 Log Manager

8 Mar 8 12:45:15 wfsp FEDAUTH[701]: ************* logged in with role: student from: https://mckinley.csuci.edu/idp/shibboleth Mar 8 13:20:22 wfsp FEDAUTH[1428]: ************* logged in with role: student from: https://mckinley.csuci.edu/idp/shibboleth Mar 8 13:45:42 wfsp FEDAUTH[2044]: ************* logged in with role: student from: https://mckinley.csuci.edu/idp/shibboleth 2013-03-08 12:45:15 INFO Shibboleth-TRANSACTION [120519]: uid (1 values) 2013-03-08 12:45:15 INFO Shibboleth-TRANSACTION [120519]: sn (1 values) 2013-03-08 12:45:15 INFO Shibboleth-TRANSACTION [120519]: givenName (1 values) 2013-03-08 12:45:15 INFO Shibboleth-TRANSACTION [120519]: mail (1 values) 2013-03-08 12:45:15 INFO Shibboleth-TRANSACTION [120519]: } 2013-03-08 13:20:22 INFO Shibboleth-TRANSACTION [120521]: New session (ID: _7a2287c22a43d1dce53e1fb566fa9b67) with (applicationId: default) for principal from (IdP: https://mckinley.csuci.edu/idp/shibboleth) at (ClientAddress: 10.1.65.53) with (NameIdentifier: _e73e638370aa1e8fe3fa89ae77087838) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _5d8800710f2611c58a7156cefa8e1a83 )

9

10

11

12 Aruba Controller Captive Portal SBCC Login CSUCI IDP Yes No Internet

13 Session Time Outs Coordination of infrastructure changes A more relax captive portal rules

14 Eduroam Active Directory Peering Radius

15

Download ppt "Michael Ghens Information Systems Specialist Santa Barbara City College."

Similar presentations

Moodle@Kidderminster College An insight Into the College VLE Graham Mason gmason@kidderminster.ac.uk.

College An insight Into the College VLE Graham Mason
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Building the Future: Millennium’s Relationship with Campus Systems and Services John Culshaw Faculty Director for Systems University of Colorado at Boulder.

Building the Future: Millennium’s Relationship with Campus Systems and Services John Culshaw Faculty Director for Systems University of Colorado at Boulder.
16/3/2015 META ACCESS MANAGEMENT SYSTEM Implementing Authorised Access Dr. Erik Vullings MAMS Programme Manager

16/3/2015 META ACCESS MANAGEMENT SYSTEM Implementing Authorised Access Dr. Erik Vullings MAMS Programme Manager
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
SIMI: Secure Identity Management Infrastructure for the CSU A. Michael Berman, Cal Poly Pomona.

SIMI: Secure Identity Management Infrastructure for the CSU A. Michael Berman, Cal Poly Pomona.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.

NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
EduRoam Australia Project Experience in location independent wireless networking with international collaboration with TERENA EduRoam Project 19 th APAN.

EduRoam Australia Project Experience in location independent wireless networking with international collaboration with TERENA EduRoam Project 19 th APAN.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,
AAI with simpleSAMLphp

AAI with simpleSAMLphp
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
ID Management in University ID Management in University Kenzi Watanabe Saga University, Japan

ID Management in University ID Management in University Kenzi Watanabe Saga University, Japan

Similar presentations

Ads by Google