Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, 2010 8:30 am.

Presentation transcript:

Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, 2010 8:30 am

2 Kuali Identity Management: Introduction and Implementation Options Eric Westfall Indiana University Dan Seibert University of California, San Diego

Integrating KIM with other IdM products Implementing Kuali Identity Management at your Institution 3

4 What is KIM? A module of Kuali Rice Common Interface and Service Layer Integrated Reference Implementation Set of User Interfaces KIM is not just “Identity Management”, it’s also “Access Management”

5 What KIM is Not A Full-Fledged Identity Management System Provisioning Hooks to update other systems Duplication Management An Identity Aggregator An Authentication Implementation

Why Did We Create KIM?

7 Motivations Expansion of Kuali Common Identity Management API Consistent Authorization Implementation

8 What we did not want (diagram: KFS, KC, KS, IDM)

9 What we did want (diagram: KFS, KC, KS, KIM)

10 Design Considerations Existence of Other IdM Solutions Legacy/Existing Implementations Replaceable Services Separation of Concerns Service Bus Maintenance GUIs

KIM Terminology

12 KIM Terminology Namespace Entity Principal Principal ID Principal Name Person Entity Type

13 KIM Terminology Group Role Qualifier Permission / Permission Template Responsibility / Responsibility Template

14 Namespace Prevent Naming Conflicts Allow for Permissions to be Segmented Examples: KR-KNS KR-WRKFLW KFS-SYS KFS-AP KC-SYS

15 Entity Principal Principal ID Principal Name Entity Type Names Addresses Phone Numbers Email Addresses

16 Group Namespace Group Type Attributes

17 Role Namespace Role Type Qualifiers Role Type Services Delegations Primary Secondary

18 Permission / Permission Template Permission Template Permission Permission Details Permission Type Service Assigned to Roles

19 Responsibility / Responsibility Template Responsibility Template Review Resolve Exception Responsibility Responsibility Details Responsibility Type Service Assigned to Roles

KIM Services

21 Components Service Interface API Reference Implementation Functional Maintenance User Interfaces

22 KIM Core Services Identity Service Group Service Role Service Permission Service Responsibility Service “Authentication” Service

23 Other KIM Services Identity Management Service Role Management Service Person Service Identity Archive Service “Update” Services

24 KIM Service Architecture

25 Remember… The primary goal of KIM was to build a service-oriented abstraction layer for Identity and Access Management Integration with other IDM services was acknowledged, expected, and designed for!

26 KIM Integration (diagram: Rice Database; Identity Service, Responsibility Service, Permission Service, Group Service, Role Service; KIM Service Layer; Reference Implementations; OpenRegistry?)

Integrating KIM with other IdM products Implementing Kuali Identity Management at your Institution

28 KIM Integration Integration with various Identity Management Systems

29 with Intra-campus Web SSO Federated Access to a Rice application KIM as an Identity Provider (IdP) Using Shibboleth Attributes for KIM authorization

30 with Intra-campus Web SSO Federated Access to a Rice application KIM as an Identity Provider (IdP) Using Shibboleth Attributes for KIM authorization

31 with Federated Authentication Shibboleth Login Process

32 with Federated Authentication Protecting a Rice application as a Service Provider (SP) A web server and openssl must be available first Install Shibboleth Configure the web server Override KIM Authentication Service Start the Shibboleth daemon, shibd

33 with KIM as an Identity Provider Prerequisites: SSL certificate, source of SAML Metadata Install Shibboleth IdP Load SAML Metadata Configure KIM as the User Authentication Mechanism

34 with KIM as user Authentication Mechanism Define a Login Handler that matches the AuthenticationService implementation, e.g. RemoteUser for the reference AuthenticationServiceImpl, Username/Password for an LDAP implementation
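Slides 32 and 34 say that protecting a Rice application with a Shibboleth SP means overriding the KIM Authentication Service, and that the reference AuthenticationServiceImpl simply uses the remote user. The class below is an added example, not code from the Kuali Rice project or from the presenters. It assumes the Rice 1.x interface org.kuali.rice.kim.service.AuthenticationService with the single method getPrincipalName(HttpServletRequest); the package name, the attribute name "eppn" and the bean id "kimAuthenticationService" are assumptions for illustration (the same override pattern is what slide 40 describes for kimGroupService).

```java
// Added example, not code from the Kuali Rice project or the presentation.
// Assumes the Rice 1.x KIM interface org.kuali.rice.kim.service.AuthenticationService,
// whose single method is String getPrincipalName(HttpServletRequest request).
// Package name, attribute name and bean id are assumptions for illustration.
package edu.example.kim;

import javax.servlet.http.HttpServletRequest;

import org.kuali.rice.kim.service.AuthenticationService;

/**
 * KIM AuthenticationService backed by a Shibboleth SP running in front of the
 * Rice application. The reference implementation returns request.getRemoteUser();
 * this one does the same, additionally accepts the identity the SP forwards as a
 * request attribute over AJP, and normalises a scoped value such as
 * "jdoe@example.edu" to "jdoe" so it matches an unscoped KIM principal name.
 *
 * Wiring (hypothetical bean id, placed in the application's Spring override
 * file alongside the other kim* service overrides):
 *
 *   <bean id="kimAuthenticationService"
 *         class="edu.example.kim.ShibbolethAuthenticationServiceImpl">
 *     <property name="principalAttribute" value="eppn"/>
 *     <property name="stripScope" value="true"/>
 *   </bean>
 */
public class ShibbolethAuthenticationServiceImpl implements AuthenticationService {

    /** Request attribute the SP exports for the user identifier (assumed name). */
    private String principalAttribute = "eppn";

    /** Whether to drop the "@scope" suffix so the value matches KIM principal names. */
    private boolean stripScope = true;

    public String getPrincipalName(HttpServletRequest request) {
        // 1. REMOTE_USER, populated by mod_shib / shibd once the SP session is valid.
        String name = trimToNull(request.getRemoteUser());

        // 2. Fallback: the attribute the web server forwards as a request attribute
        //    (AJP). Deliberately not read from an HTTP header: a header can be
        //    supplied by the client unless the SP is configured to strip it.
        if (name == null) {
            Object attr = request.getAttribute(principalAttribute);
            name = attr == null ? null : trimToNull(attr.toString());
        }

        if (name == null) {
            // No SP session: leave the principal unresolved rather than guessing.
            return null;
        }

        if (stripScope) {
            int at = name.indexOf('@');
            if (at > 0) {
                name = name.substring(0, at);
            }
        }
        return name;
    }

    private static String trimToNull(String s) {
        if (s == null) {
            return null;
        }
        String t = s.trim();
        return t.length() == 0 ? null : t;
    }

    public void setPrincipalAttribute(String principalAttribute) {
        this.principalAttribute = principalAttribute;
    }

    public void setStripScope(boolean stripScope) {
        this.stripScope = stripScope;
    }
}
```

The service only trusts values that the web server itself set (REMOTE_USER or an AJP request attribute), which is why the SP in slide 32 has to be installed on the web server in front of the application: if the identity were taken from a client-supplied header, the protection would depend entirely on the SP scrubbing incoming headers.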

35 with Authorization Attributes Shibboleth Attributes as KIM Authorization Identify Attribute Sources Define Policies for Attribute Handling, for SPs Define New Business Processes Define New Policies

36 with Federated Authentication

37 with Collaborative development of KIM/Grouper Adaptors Chris Hyzer, University of Pennsylvania Differences between KIM and Grouper How they might work together

38 with Differences between KIM and Grouper

39 with Adapter Overview Custom Implementation of KIM Services using Grouper Client API GroupService GroupUpdateService IdentityService

40 with Installation grouperClient.jar grouperKimConnector.jar grouper.client.properties Override kimGroupService

41 Integrating KIM with LDAP UofA LDAP Integration Approach (UCDavis, SJDC also have implementations) Using CAS to connect to LDAP

42 KIM with LDAP (UofA example) UA netid is used for authentication Identity information is available in UA’s Enterprise Directory Service (EDS) Connect to EDS using Spring LDAP and override the KIM IdentityService KIM ParameterService provides the map between KIM and LDAP attributes In order to use the KIM GUIs properly, the UIDocumentService is also overridden
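The UofA approach on slide 42 has three moving parts: Spring LDAP to reach the directory, an overridden KIM IdentityService, and a KIM-to-LDAP attribute map held in the KIM ParameterService. The class below is an added example, not code from the Kuali Rice project, the University of Arizona or the presentation; it shows the directory-lookup piece such an IdentityService override would delegate to. It assumes the Spring LDAP 1.3 API (LdapTemplate, AttributesMapper, EqualsFilter); the class name, search base and attribute names are illustrative, and the mapping in exampleMapping() stands in for what would be loaded from KIM parameters.

```java
// Added example, not code from the Kuali Rice project, the University of Arizona
// or the presentation. Assumes the Spring LDAP 1.3 API (LdapTemplate,
// AttributesMapper, EqualsFilter); names and the attribute mapping are illustrative.
package edu.example.kim;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;

import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;

/**
 * Directory lookup of the kind an LDAP-backed KIM IdentityService delegates to.
 * The KIM-to-LDAP attribute map is injected (in the UofA design it comes from
 * the KIM ParameterService), the search filter is built with EqualsFilter so a
 * principal name containing '*', '(' or ')' cannot change the filter's meaning,
 * and an ambiguous match is treated as "not found".
 */
public class LdapPrincipalLookup {

    private final LdapTemplate ldapTemplate;
    private final String searchBase;
    /** KIM field name -> LDAP attribute name. */
    private final Map<String, String> attributeMap;

    public LdapPrincipalLookup(LdapTemplate ldapTemplate, String searchBase,
                               Map<String, String> attributeMap) {
        this.ldapTemplate = ldapTemplate;
        this.searchBase = searchBase;
        this.attributeMap = Collections.unmodifiableMap(
                new HashMap<String, String>(attributeMap));
    }

    /** Mapping one might load from KIM parameters; constructed for this example. */
    public static Map<String, String> exampleMapping() {
        Map<String, String> m = new HashMap<String, String>();
        m.put("principalName", "uid");
        m.put("principalId", "employeeNumber");
        m.put("firstName", "givenName");
        m.put("lastName", "sn");
        m.put("emailAddress", "mail");
        return m;
    }

    /**
     * Returns KIM field -> value for exactly one directory entry, or null when
     * the name matches zero entries or more than one (never guess on ambiguity).
     */
    @SuppressWarnings("unchecked")
    public Map<String, String> findByPrincipalName(String principalName) {
        if (principalName == null || principalName.trim().length() == 0) {
            return null;
        }
        String uidAttribute = attributeMap.get("principalName");
        // EqualsFilter escapes the value (RFC 4515), so user input is safe to embed.
        EqualsFilter filter = new EqualsFilter(uidAttribute, principalName.trim());

        List<Map<String, String>> hits = ldapTemplate.search(searchBase, filter.encode(),
            new AttributesMapper() {
                public Object mapFromAttributes(Attributes attrs) throws NamingException {
                    Map<String, String> row = new HashMap<String, String>();
                    for (Map.Entry<String, String> e : attributeMap.entrySet()) {
                        Attribute a = attrs.get(e.getValue());
                        if (a != null && a.get() != null) {
                            // First value only; directory attributes may be multi-valued.
                            row.put(e.getKey(), a.get().toString());
                        }
                    }
                    return row;
                }
            });

        return hits.size() == 1 ? hits.get(0) : null;
    }
}
```

The LdapTemplate would be wired in Spring from an LdapContextSource pointing at the directory (EDS in the UofA case), and the IdentityService override would call findByPrincipalName to populate the principal and entity information that the KIM GUIs and the UIDocumentService expect.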

43 Integrating KIM with LDAP Configure CAS to connect to LDAP