Identity Federations - Installation and operation

Marco Fargetta, INFN (Italy), marco.fargetta@ct.infn.it
EthERNet e-Research Hackfest, Addis Ababa (Ethiopia)

Software available
- Several software packages are available to implement an IdP or an SP
- The best-known are Shibboleth IdP/SP and SimpleSAMLphp
- Some applications implement SAML support natively, without external tools
- We will concentrate on the Shibboleth solutions

Shibboleth SP
- The SP is provided as a module for the Apache httpd web server
- Libraries for application developers are also provided, but the project promotes the module as the simplest and most efficient solution
- Many Linux distributions already include the package
- After installation the main configuration files are in /etc/shibboleth

SP Configuration
- In the main configuration file, shibboleth2.xml, it is important to specify:
  - The session parameters
  - Whether a Discovery Service (DS) has to be used
  - The IdPs to use for authentication: either a list of IdPs or a federation metadata file
- The files attribute-map.xml and attribute-policy.xml specify:
  - The attributes retrieved from the IdP
  - A filter applied to those attributes
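As an added example (not part of the original slides and not the Shibboleth project's shipped defaults), the excerpts below show the three choices just listed in Shibboleth SP 2.5 syntax: session parameters, a Discovery Service, and a federation metadata feed that is signature-checked before any IdP in it is trusted, followed by the attribute-policy.xml rule that rejects a scoped eppn whose scope the asserting IdP does not carry in metadata. The hostnames sp.example.org, ds.example.org, idp.example.org and federation.example.org, and the file names fedsigner.pem and partner-idps.xml, are assumptions.

```xml
<!-- /etc/shibboleth/shibboleth2.xml (excerpt, SP 2.5 syntax; hostnames are assumptions) -->
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                     REMOTE_USER="eppn persistent-id targeted-id">

    <!-- Session parameters: 8 h absolute lifetime, 1 h idle timeout,
         handlers and the session cookie restricted to HTTPS -->
    <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
              checkAddress="false" handlerSSL="true" cookieProps="https">

        <!-- Let the user choose an IdP through a Discovery Service ... -->
        <SSO discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
            SAML2 SAML1
        </SSO>
        <!-- ... or, for a single IdP, use instead:
             <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2 SAML1</SSO> -->

        <Logout>SAML2 Local</Logout>
        <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
        <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
    </Sessions>

    <!-- IdPs to trust: a federation feed, cached on disk, accepted only when
         the federation's signature verifies and validUntil is present and
         no more than 28 days away (a stale or unsigned feed is discarded) -->
    <MetadataProvider type="XML" uri="https://federation.example.org/metadata.xml"
                      backingFilePath="federation-metadata.xml" reloadInterval="7200">
        <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
        <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
    </MetadataProvider>
    <!-- ... plus, optionally, a local file listing individual partner IdPs -->
    <MetadataProvider type="XML" file="partner-idps.xml"/>

    <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
    <AttributeResolver type="Query" subjectMatch="true"/>
    <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
</ApplicationDefaults>

<!-- /etc/shibboleth/attribute-policy.xml (excerpt): an eppn value such as
     alice@example.org is accepted only if the IdP that asserted it is
     registered for the scope "example.org" in the federation metadata -->
<afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="ANY"/>
    <afp:AttributeRule attributeID="eppn">
        <afp:PermitValueRule xsi:type="saml:AttributeValueMatchesShibMDScope"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="*" permitAny="true"/>
</afp:AttributeFilterPolicy>
```

After editing, `shibd -t` checks that the configuration parses before shibd and httpd are restarted. The scope rule only protects you if the IdP entries in the metadata you load carry a shibmd:Scope extension, which is why the signature filter on the federation feed matters: whoever can alter that feed can also alter the scopes.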

SP Configuration
- Apache can be configured to protect a location or a directory with Shibboleth
- When a user tries to access it, authentication is performed and the user attributes are passed to the application behind it
- Any web application can be configured to work with Apache httpd
- In some cases Apache httpd can be configured as a proxy for the real server, e.g. a Java application running on Tomcat or similar
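The proxy case deserves care, because the attributes have to cross from Apache to the real server without a client being able to forge them. As an added example (not from the original slides), the two excerpts below carry them over AJP as request attributes rather than HTTP headers: the SP prefixes every attribute with `AJP_`, which mod_proxy_ajp strips and forwards to Tomcat, and Tomcat's connector is bound to loopback and told to trust the user identity from the proxy. The entityID, the path /app and port 8009 are assumptions.

```xml
<!-- /etc/shibboleth/shibboleth2.xml (excerpt): attributes named AJP_eppn, AJP_mail, ...
     are forwarded by mod_proxy_ajp as AJP request attributes eppn, mail, ... -->
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                     REMOTE_USER="eppn persistent-id targeted-id"
                     attributePrefix="AJP_">
    <!-- Sessions, MetadataProvider, attribute files etc. as in the normal configuration -->
</ApplicationDefaults>

<!-- $CATALINA_BASE/conf/server.xml (excerpt, Tomcat 8): AJP connector reachable only
     from the local Apache; tomcatAuthentication="false" makes Tomcat accept REMOTE_USER
     from the proxy; packetSize is raised because a SAML attribute set easily exceeds
     the 8 KiB AJP default -->
<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
           redirectPort="8443" tomcatAuthentication="false" packetSize="65536"/>
```

On the Apache side the protected path is declared with `AuthType shibboleth`, `ShibRequestSetting requireSession 1`, `Require valid-user` and `ProxyPass ajp://127.0.0.1:8009/app` inside a `<Location /app>` block, with `ProxyIOBufferSize 65536` matching the connector's packetSize. The application then reads `request.getAttribute("eppn")` and `request.getRemoteUser()`. Leave `ShibUseHeaders` at its default of Off: turning it on sends attributes as HTTP headers, which the Shibboleth documentation itself flags as exposed to header spoofing once a backend is involved.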

IdP Configuration
- Shibboleth IdP is a Java web application
- It performs all the authentication steps
- User management is out of scope; a separate tool has to be used
- The latest version requires Tomcat 8 for deployment
- A deployment file has to be defined
- The configuration is in the conf directory of the installation
- An Ansible role has been developed to perform the basic installation; it may need updating and testing

IdP Configuration
- The main items to configure include:
  - User authentication (ldap.properties)
  - The attribute database (ldap.properties, attribute-resolver.xml and attribute-filter.xml)
  - The accepted SPs (metadata-provider.xml)
- User information can be stored in LDAP or in an RDBMS (e.g. MySQL)
- Software for basic user management in LDAP can be provided, but it has not been tested with Tomcat 8
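As an added example (not from the original slides, and not the IdP's shipped defaults), the excerpts below show the two of these files that decide who the IdP talks to and what it tells them, in Shibboleth IdP v3 syntax: metadata-provider.xml accepting SPs from a signed federation feed plus one hand-copied SP, and attribute-filter.xml releasing eppn and mail to that one SP only while every SP gets just the scoped affiliation. The hostnames federation.example.org and portal.example.org and the file names under metadata/ and credentials/ are assumptions.

```xml
<!-- $IDP_HOME/conf/metadata-provider.xml (Shibboleth IdP v3; hostnames and paths are assumptions) -->
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- Federation feed: fetched periodically, cached on disk, and used only if the
         federation's signature verifies and validUntil lies within the next 30 days -->
    <MetadataProvider id="FederationMetadata" xsi:type="FileBackedHTTPMetadataProvider"
        metadataURL="https://federation.example.org/metadata.xml"
        backingFile="%{idp.home}/metadata/federation-metadata.xml">
        <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
            certificateFile="%{idp.home}/credentials/fedsigner.pem"/>
        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
        <!-- Keep only SP roles: an IdP has no reason to trust other IdPs' keys -->
        <MetadataFilter xsi:type="EntityRoleWhiteList">
            <RetainedRole>md:SPSSODescriptor</RetainedRole>
        </MetadataFilter>
    </MetadataProvider>

    <!-- One SP outside the federation, from a metadata file copied by hand -->
    <MetadataProvider id="LocalPortal" xsi:type="FilesystemMetadataProvider"
        metadataFile="%{idp.home}/metadata/portal-sp-metadata.xml"/>
</MetadataProvider>

<!-- $IDP_HOME/conf/attribute-filter.xml (excerpt): nothing is released unless a
     policy says so; attribute IDs are the ones defined in attribute-resolver.xml -->
<AttributeFilterPolicy id="releaseToPortal">
    <PolicyRequirementRule xsi:type="Requester" value="https://portal.example.org/shibboleth"/>
    <AttributeRule attributeID="eduPersonPrincipalName" permitAny="true"/>
    <AttributeRule attributeID="mail" permitAny="true"/>
</AttributeFilterPolicy>

<AttributeFilterPolicy id="releaseAffiliationToAll">
    <PolicyRequirementRule xsi:type="ANY"/>
    <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true"/>
</AttributeFilterPolicy>
```

Before going live, `$IDP_HOME/bin/aacli.sh -n testuser -r https://portal.example.org/shibboleth` (with a user name from your own directory) prints exactly which attributes that SP would receive, which is the quickest way to catch an over-broad release rule.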

After Configuration
- Once the IdP or SP is configured it should publish its own metadata
- The metadata should be provided to the other services or to the federation
- The generated metadata lacks some information, so it should be copied locally to the service and extended
- The link to the extended version has to be provided
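What "extended" means in practice, as an added example that is not from the original slides: the file below is a static copy of what an SP 2.x serves at /Shibboleth.sso/Metadata, with the generated parts kept (certificate, endpoints) and the parts the generator cannot know added (UI information for the Discovery Service, the attributes the service needs, organisation and contacts). The entityID, hostnames, names and addresses are assumptions; the certificate is a placeholder for the value copied from the generated file. A static copy should carry no validUntil attribute, otherwise it silently expires at every partner that loads it.

```xml
<!-- Static copy of https://sp.example.org/Shibboleth.sso/Metadata after editing;
     entityID, hostnames and organisation details are assumptions.
     No validUntil attribute on the root: a hand-maintained file must not expire on its own. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- ADDED: what users see on a Discovery Service or on an IdP consent page -->
    <md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example Research Portal</mdui:DisplayName>
        <mdui:Description xml:lang="en">Web portal of the Example research collaboration</mdui:Description>
        <mdui:InformationURL xml:lang="en">https://sp.example.org/about</mdui:InformationURL>
        <mdui:PrivacyStatementURL xml:lang="en">https://sp.example.org/privacy</mdui:PrivacyStatementURL>
      </mdui:UIInfo>
    </md:Extensions>
    <!-- GENERATED: keep the certificate exactly as the SP emitted it -->
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>BASE64-CERTIFICATE-COPIED-UNCHANGED-FROM-THE-GENERATED-FILE</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <!-- GENERATED: endpoints; drop any plain-HTTP ones the generator emitted -->
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
    <!-- ADDED: the attributes the service needs, so IdPs can release them by policy -->
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example Research Portal</md:ServiceName>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName"
          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute FriendlyName="mail"
          Name="urn:oid:0.9.2342.19200300.100.1.3"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
  <!-- ADDED: organisation and contacts, which most federations require -->
  <md:Organization>
    <md:OrganizationName xml:lang="en">Example University</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Example University</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.example.org/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>SP Administrators</md:GivenName>
    <md:EmailAddress>mailto:sp-admin@example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
```

Serve this file from a stable HTTPS location of your own (for instance https://sp.example.org/metadata/sp-metadata.xml, an assumed path) and hand that link, not the /Shibboleth.sso/Metadata handler, to partners and to the federation; the handler output changes whenever the SP configuration does, while partners need something you review. An IdP's static copy is extended the same way, and must in addition carry a shibmd:Scope extension listing the scopes it is allowed to assert, since SPs check scoped attributes against it.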

Thank you!
sci-gaia.eu
info@sci-gaia.eu