The I-Trust Federation: Federating the University of Illinois. Keith Wessel, Identity Management Service Manager, University of Illinois at Urbana-Champaign.

Presentation transcript:

Goals and Challenges
Goal: retire the legacy web sign-on service and replace it with Shibboleth.
The challenge: the University of Illinois' three campuses each maintain their own user and password stores and their own IdPs. The old web SSO allowed inter-domain authentication for services used by users from more than one campus.

The solution
Federate the three campuses. Use the existing IdPs and user/password stores. Put a Shibboleth SP in front of each service that currently uses the legacy system. Services that need to allow access to users from more than one campus can point to a centralized discovery service.

Why not put everyone in InCommon?
We have over 500 service providers behind the legacy system, and many allow access to users from more than one campus. Even with delegated SP administration, registering all of them in InCommon would be costly and labor-intensive. It is also overkill when the only goal is to get SP metadata to the university's three IdPs. If an SP needs to federate beyond the university, for example with another university, we will work with its owners to enter it in InCommon manually.

The business case
The initial case was simply to get SSO working and metadata circulating between the three campuses. Before we even announced it, our software webstore staff were asking questions: by adding other universities, community colleges and K-12 users, the webstore could sell to more users and get larger discounts. The state library consortium is also interested, given the value of resource sharing through federation. These cases were brought to us; after launch, we expect a lot more.

Planning
1. Identify technical and management resources from each campus.
2. Agree that the Urbana campus, the largest, will take the lead.
3. Compare the attributes released by all three IdPs to build and approve a list of common attributes.
4. Standardize the names of federation attributes.
5. Set up a common platform for maintaining and disseminating metadata and attribute release.

Nuts and bolts
Discovery service: the Shibboleth project's centralized discovery service is offered for SPs that need to allow access to all three campuses.
Metadata management and dissemination: the Australian Access Federation's Federation Registry.
Metadata signing: the Shibboleth project's xmlsectool.
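Planning steps 3 and 4 (compare the attributes each IdP releases, then standardize their names) and the metadata signing and dissemination above are the kind of work a small script can make repeatable. The following is an added example, not I-Trust's, AAF's or Shibboleth's own tooling: it parses a SAML metadata aggregate, runs the checks an SP should make before loading it (a signature element is present, validUntil has not passed, every IdP carries a certificate and an https SSO endpoint), and intersects the attributes the IdPs advertise after mapping older urn:mace names onto the federation's canonical urn:oid names. The aggregate is constructed inline; every entityID, host name and certificate value is a placeholder, and it assumes the IdPs advertise their released attributes as saml:Attribute elements in their IDPSSODescriptor.

```python
"""Check a SAML federation metadata aggregate and compute the attribute set
common to all IdPs in it. Added example, not I-Trust or Shibboleth code; the
aggregate below is constructed and all entityIDs/hosts/certs are placeholders."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Step 4: one canonical federation name per attribute (urn:oid -> friendly
# name), plus aliases for IdPs that still advertise the older urn:mace names.
CANONICAL = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
             "urn:oid:0.9.2342.19200300.100.1.3": "mail",
             "urn:oid:2.5.4.42": "givenName", "urn:oid:2.5.4.4": "sn",
             "urn:oid:2.16.840.1.113730.3.1.241": "displayName"}
ALIASES = {"urn:mace:dir:attribute-def:mail": "urn:oid:0.9.2342.19200300.100.1.3",
           "urn:mace:dir:attribute-def:givenName": "urn:oid:2.5.4.42"}

def normalize(name):
    oid = ALIASES.get(name, name)
    return CANONICAL.get(oid, oid)  # unknown attributes keep their raw Name

SIGNATURE_STUB = ("<ds:Signature><!-- constructed stand-in; a real aggregate "
                  "carries the signature produced by xmlsectool --></ds:Signature>")

def idp_xml(host, attrs):
    """Build one constructed IdP entry (placeholder host and certificate)."""
    attr_xml = "".join(f'<saml:Attribute Name="{a}"/>' for a in attrs)
    return (f'<md:EntityDescriptor entityID="https://{host}/idp/shibboleth">'
            '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>PLACEHOLDER-BASE64</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
            f'Location="https://{host}/idp/profile/SAML2/Redirect/SSO"/>'
            f'{attr_xml}</md:IDPSSODescriptor></md:EntityDescriptor>')

SAMPLE_METADATA = (
    f'<md:EntitiesDescriptor xmlns:md="{NS["md"]}" xmlns:saml="{NS["saml"]}" '
    f'xmlns:ds="{NS["ds"]}" Name="urn:example:itrust-placeholder" '
    f'validUntil="2099-01-01T00:00:00Z">{SIGNATURE_STUB}'
    + idp_xml("idp.campus-a.example", ["urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
              "urn:oid:0.9.2342.19200300.100.1.3", "urn:oid:2.5.4.42", "urn:oid:2.5.4.4"])
    + idp_xml("idp.campus-b.example", ["urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
              "urn:oid:0.9.2342.19200300.100.1.3", "urn:oid:2.16.840.1.113730.3.1.241"])
    + idp_xml("idp.campus-c.example", ["urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
              "urn:mace:dir:attribute-def:mail", "urn:mace:dir:attribute-def:givenName"])
    + "</md:EntitiesDescriptor>")

def parse_aggregate(xml_text):
    # Metadata fetched over the network should go through a hardened parser
    # (e.g. defusedxml); the stdlib parser is used here to stay self-contained.
    return ET.fromstring(xml_text)

def parse_utc(stamp):
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)

def check_aggregate(root, now=None):
    """Problems an SP should refuse to load the aggregate over. Only the presence
    of ds:Signature is checked; the signature itself must be verified with an
    XML-signature library before anything in the metadata is trusted."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("aggregate is not signed")
    valid_until = root.get("validUntil")
    if valid_until is None:
        problems.append("no validUntil: a stale copy would never expire")
    elif parse_utc(valid_until) <= now:
        problems.append(f"aggregate expired at {valid_until}")
    for ent in root.findall("md:EntityDescriptor", NS):
        eid, idp = ent.get("entityID"), ent.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue
        if idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is None:
            problems.append(f"{eid}: no certificate to verify its assertions")
        for sso in idp.findall("md:SingleSignOnService", NS):
            if not sso.get("Location", "").startswith("https://"):
                problems.append(f"{eid}: SSO endpoint {sso.get('Location')} is not https")
    return problems

def idp_attributes(root):
    """Step 3: the attributes each IdP advertises, under canonical names."""
    out = {}
    for ent in root.findall("md:EntityDescriptor", NS):
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is not None:
            out[ent.get("entityID")] = {normalize(a.get("Name"))
                                        for a in idp.findall("saml:Attribute", NS)}
    return out

def common_attributes(root):
    """Candidate common-attribute list: attributes released by every IdP."""
    sets = list(idp_attributes(root).values())
    return set.intersection(*sets) if sets else set()

def alias_users(root):
    """Step 4: IdPs still advertising attributes under non-canonical names."""
    found = {}
    for ent in root.findall("md:EntityDescriptor", NS):
        aliased = [a.get("Name") for a in ent.iterfind("md:IDPSSODescriptor/saml:Attribute", NS)
                   if a.get("Name") in ALIASES]
        if aliased:
            found[ent.get("entityID")] = aliased
    return found

if __name__ == "__main__":
    root = parse_aggregate(SAMPLE_METADATA)
    print("checks:", check_aggregate(root) or "no problems found")
    print("common to all IdPs:", sorted(common_attributes(root)))
    print("still using alias names:", alias_users(root))
```

On the constructed aggregate the checks pass, the common set is eduPersonPrincipalName and mail (givenName is missing from campus B, sn and displayName from two campuses each), and campus C is reported as still advertising mail and givenName under urn:mace names, which is exactly the renaming step 4 exists to drive.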

Federation Registry
An extensible, open web application that provides a central point of registration, management and reporting for identity and service providers participating in a standards-compliant SAML 2 identity federation.
- Management for all aspects of SAML 2 compliant Identity and Service Providers
- SAML 2.x compliant metadata generation
- Additional assistance for Shibboleth IdP and SP administrators, including automated Attribute Filter generation
- Public registration for Organizations, Identity Providers and Service Providers that are new to the federation
- Organizations can own any number of IdPs and SPs (service-only organizations are popular with publishers, for example)
- A personalized dashboard view of the federation for all users
- A cross-browser (including mobile devices) HTML5-compliant user interface that can be branded for deploying organizations; multilingual capable
- A fully customizable workflow engine to handle registrations and other critical federation changes
- In-depth reporting to gain insight into the workings of the entire federation
- Federation-integrated, automatically provisioned user accounts with fine-grained access control

Screenshots of the Federation Manager (© 2012 Internet2):
- Federation Manager Dashboard
- Create Service Provider
- Create Service Provider: description
- Create Service Provider: SAML configuration
- Create Service Provider: certificate
- Create Service Provider: attributes
- Create Service Provider: submit
- Approving a new Service Provider

Future plans
Bring community colleges, K-12 schools and others on board. Federation-wide single logout: a big one to tackle, but there are already lots of requests for it. Standardizing how SPs request two-factor authentication when they need it.

Resources
Australian Access Federation: wiki.aaf.edu.au/federationregistry2
Contact for more on I-Trust: Keith Wessel,