Shibboleth Integration Fairfield University

Presentation transcript:

Shibboleth Integration Fairfield University Michael Graham-Cornell Director, Computing & Network Services mgraham-cornell@fairfield.edu

Agenda
- The user experience with Shibboleth (before & after CAS)
- Shibboleth Overview
- What we had
- What we did
- What we have
- Benefits and Gotchas

Initial Shibboleth Implementation (flowchart)
1. Student accesses mail.student.fairfield.edu
2. Active Gmail Session? Yes → Gmail access granted. No → step 3.
3. Active Shibboleth Session? Yes → eduPersonPrincipalName → Gmail access granted. No → User logs into Shibboleth.

Shibboleth Integrated with CAS (flowchart)
1. Student accesses fairfield.edu/gmail
2. Active Gmail Session? Yes → Gmail access granted. No → step 3.
3. Active Shibboleth Session? Yes → eduPersonPrincipalName → Gmail access granted. No → step 4.
4. Active CAS Session? Yes → continue. No → User logs into CAS.

Overview of Shibboleth

What We Had
- Banner (Identity System of Record)
- Sun Identity Manager (Identity Provisioning)
- Sun Directory Server (LDAP)
- Shibboleth Identity Provider (IdP)
- Gmail Service Provider (SP)
- Library Database Provider (SP)

What We Did
- Install CAS in Test
- Install CAS Service Manager
- CASify Shibboleth

Benefits
- CAS is a very secure and robust SSO environment
- CAS is easily integrated into PHP and .NET applications (preferred for in-house authentication)
- We now support CAS and Shibboleth Service Providers – very flexible and easy to configure
- Only authorized service providers can authenticate
- Legacy applications can still authenticate through LDAP, but are rapidly being “CASified”
- Banner Forms, Self-Service, Workflow and BDMS use CAS authentication
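The point that only authorized service providers can authenticate depends on how a requested service URL is matched against the registered services. The sketch below is an added illustration, not code from the presentation or from CAS: it assumes services are registered as URL patterns, and the registry entries, hostnames and function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed registry: hostnames and service names are placeholders,
# not Fairfield's configuration.
REGISTRY = [
    ("Shibboleth IdP", r"https://idp\.example\.edu/idp/.*"),
    ("Banner Self-Service", r"https://banner\.example\.edu/ssb/.*"),
]


def normalize(service_url):
    """Reduce a service URL to https://host[:port]/path, or None if unacceptable."""
    try:
        parts = urlsplit(service_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # user@host forms hide the real host from naive matching
    host = parts.hostname.lower()
    netloc = host if port in (None, 443) else f"{host}:{port}"
    return f"https://{netloc}{parts.path or '/'}"


def authorize(service_url, registry=REGISTRY):
    """Hardened check: the whole normalized URL must match a registered pattern."""
    url = normalize(service_url)
    if url is None:
        return None
    for name, pattern in registry:
        if re.fullmatch(pattern, url):
            return name
    return None


def authorize_loose(service_url, registry=REGISTRY):
    """Weak check kept for comparison: substring search on the raw string."""
    for name, pattern in registry:
        if re.search(pattern, service_url):
            return name
    return None
```

The loose variant accepts an unregistered host whenever a registered URL appears anywhere in the request string, which is why the hardened check parses the URL first and matches it in full.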

What’s Better, CAS or Shibboleth? Whatever works! Actually, the initial framework is a challenge for both implementations. However, adding new service providers is MUCH EASIER with CAS than with Shibboleth.