Shibboleth at Newcastle. Caleb Racey, Webteam, ISS. Shibboleth experiences. Program: Background; What shib has enabled; Benefits of shib; How to do shib.

Presentation transcript:

Shibboleth at Newcastle Caleb Racey Webteam ISS

Shibboleth experiences
Program
- Background
- What shib has enabled
- Benefits of shib
- How to do shib

Background
IAMSECT Project - JISC funded
- Shib early adopter
- 2 year project (finished this summer)
- VLE focussed
- Focus on shared medical students
- Collaboration with Durham
One of few practical deployment projects

What we use shib for
- Blogs
- Mailing lists
- Wikis
- Webforms
- Course submission
- VLEs
- Athens

Blogs

Ease of installation:
- Modify php authentication code (1 man day)
Benefits:
- User account creation automated
- Login never exposed to potentially untrustworthy code

Sympa mailing lists

Ease of installation:
- Supported out of the box, adjust config file (1 hour)
Benefits:
- SSO
- Auto account creation
- Allows both shib and local auth

Mediawiki

Ease of installation:
- Download + install "extension", tweak config file (1 hour)
Benefits:
- SSO
- User account creation automated
- Login never exposed to potentially untrustworthy code

Access controlled websites

Quick, easy access control
Ease of installation:
- .htaccess file by users (5 mins)
Benefits:
- Web developers don't need to understand complexities of secure login
- Auto population of info fields (addresses etc)
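
As an added illustration (not from the original slides), a user-managed .htaccess file of the kind described above could look like the following. It assumes a current Shibboleth SP using Apache 2.4 syntax, that the server administrator permits AuthConfig overrides, and that an attribute is mapped under the id `affiliation`; the value shown is a placeholder.

```apache
# Added example, not from the slides. Assumes Apache 2.4 with mod_shib loaded
# and "AllowOverride AuthConfig" set for this directory by the server admin.

# Hand authentication to the Shibboleth SP; the page itself never sees a password.
AuthType shibboleth
ShibRequestSetting requireSession 1

# "Require shib-session" would admit any user with a valid SP session.
# Here access is narrowed to one affiliation value (placeholder; the
# attribute id "affiliation" depends on the SP's attribute map).
Require shib-attr affiliation staff@example.ac.uk
```

Attributes released by the IdP are exported by the SP to the request environment, which is what allows info fields to be populated without the page handling login itself.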

Coursework.cs

Ease of installation:
- Install shib + configure server
- Work out how best to do WAYF
Benefits:
- Federated service now possible, Durham students can now use.

Medical VLE

Ease of installation: Hard (Zope based)
- fast_cgi complex
- difficult user base
- Large legacy
Benefits:
- SSO
- Roadmap away from legacy
- Reduced admin

Athens

Ease of installation: Hard (at the time) - easy now?
- working out how to join multiple feds
- SSL cert incompatibility worries - now gone
Benefits:
- SSO
- Reduced admin overhead

What shib is not used for
Blackboard in Newcastle
- Blackboard shib support is UNIX based
- Windows possible (but not out of the box)
- Durham have test UNIX install

Benefits of shib
- International takeup = de facto standard
- "out of the box" shibd apps available
- One web login technology to support
- Less SysAdmin effort
- Less documentation
- Less user education
- Less burden on web developers, who don't need to understand:
  - How to do secure login
  - How / where to get user data

How to install
Very brief overview of steps
- Prerequisites
- IdP
- SP
- Timescales
See http://iamsect.ncl.ac.uk for details

How to install: prerequisites
Prerequisites:
- Identify suitable password store, e.g. Active Directory
- Learn how to do https: SSL certs, certificate authorities
- Deploy WebISO or simple sign on, e.g. Pubcookie, CAS, Mod_auth_Ldap

How to install: shib IdP
Install and configure the software: not that hard (anymore)
- Java based (java skills not needed)
- Follow guide, tweak xml config files
Difficult bits:
- SSL certs (GlobalSign or Thawte)
- Identify institutional data stores

How to install: shib SP
- Linux + Apache: prerolled RPMs = install + tweak config file (couple of hours)
- Windows + IIS: MSI installer = install + tweak config file (couple of hours)
- Java, Python, Ruby, Perl or cgi: stick behind Linux + Apache, install + configure connector (mod_jk, fast_cgi) (couple of days)

Where to get help
- state.edu/twiki/bin/view/Shibboleth/Web Home

Questions?