Identity Federations - Installation and operation


1 Identity Federations - Installation and operation
Marco Fargetta, INFN (Italy)
EthERNet e-Research Hackfest, Addis Ababa (Ethiopia)

2 Software available
Several software packages are available to implement an IdP or an SP. The best known are:
- Shibboleth IdP/SP
- SimpleSAMLphp
Some applications implement SAML support natively, without external tools.
We will concentrate on Shibboleth solutions.

3 Shibboleth SP
- The SP is provided as a module for the Apache httpd web server.
- Libraries for application developers are also provided, but the module is promoted as the simplest and most efficient solution.
- Many Linux distributions already include the package.
- After installation the main configuration files are in /etc/shibboleth

4 SP Configuration
Inside the main configuration file, shibboleth2.xml, it is important to specify:
- The session parameters
- Whether a DS (Discovery Service) has to be used
- The IdPs to use for authentication; this can be a list of IdPs or a federation metadata file
The files attribute-map.xml and attribute-policy.xml allow you to specify:
- The attributes retrieved from the IdP
- A filter for the attributes
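A worked shibboleth2.xml excerpt, added here as an example (it is neither taken from the presentation nor the file shipped by the Shibboleth project), showing where the three settings listed above live: the session parameters, the choice between a fixed IdP and a Discovery Service, and the federation metadata feed that defines which IdPs are trusted. The entityID, hostnames, file names and certificate are placeholders; attribute names follow the SP 2.5+/3.x configuration schema and should be checked against the version installed from the distribution package.

```xml
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
          xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
          clockSkew="180">

  <!-- Placeholder entityID: use the SP's real one, matching its published metadata -->
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                       REMOTE_USER="eppn persistent-id targeted-id">

    <!-- Session parameters: lifetime and idle timeout in seconds, session cookie
         marked HTTPS-only, and the /Shibboleth.sso/* handlers served only over SSL -->
    <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
              checkAddress="false" handlerSSL="true" cookieProps="https">

      <!-- Option 1: a single, fixed IdP (placeholder entityID) -->
      <!-- <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2</SSO> -->

      <!-- Option 2: let a Discovery Service (DS) choose among the federation's IdPs -->
      <SSO discoveryProtocol="SAMLDS"
           discoveryURL="https://ds.example.org/DS/WAYF">
        SAML2
      </SSO>

      <Logout>SAML2 Local</Logout>

      <!-- The SP's generated metadata is served from this handler -->
      <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
      <!-- Keep the status and session handlers restricted to the local host -->
      <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
      <Handler type="Session" Location="/Session" showAttributeValues="false"/>
    </Sessions>

    <Errors supportContact="sp-admin@example.org" helpLocation="/about.html"/>

    <!-- The IdPs to trust: a federation metadata file, refreshed periodically.
         The Signature filter rejects metadata not signed with the federation key;
         RequireValidUntil rejects a feed with no validUntil or one too far in the future. -->
    <MetadataProvider type="XML" validate="true"
                      url="https://federation.example.org/metadata/federation-metadata.xml"
                      backingFilePath="federation-metadata.xml"
                      maxRefreshDelay="7200">
      <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
      <MetadataFilter type="Signature" certificate="federation-signer.pem"/>
    </MetadataProvider>

    <!-- Attribute mapping and filtering are delegated to the two files named on the slide -->
    <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
    <AttributeResolver type="Query" subjectMatch="true"/>
    <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

    <!-- Placeholder key/certificate pair used to sign requests and decrypt assertions -->
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
  </ApplicationDefaults>

  <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
  <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>
```

The two MetadataFilter elements are the part worth checking after every install: without the Signature filter the SP trusts whatever the metadata URL returns, and without RequireValidUntil a stale feed (for example one whose IdP keys have been rotated or revoked) keeps being accepted. After editing, `shibd -t` validates the file before the daemon is restarted.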

5 SP Configuration
- Apache can be configured to protect a location or a directory with Shibboleth.
- When a user tries to access it, authentication is performed and the user attributes are provided to the application behind it.
- Any web application can be configured to work with Apache httpd.
- In some cases Apache httpd can be configured as a proxy for the real server, e.g. a Java application running on Tomcat or similar.
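The attributes that reach the application behind Apache (this slide) are only those that survive the attribute-policy.xml filter named on the previous slide. The following attribute-policy.xml is an added example, not the presentation's or the project's shipped file. It assumes attribute-map.xml maps the eduPersonPrincipalName and eduPersonScopedAffiliation OIDs to the ids "eppn" and "affiliation" with a ScopedAttributeDecoder, as the SP's default map does; the other attribute ids are likewise assumed to come from that map.

```xml
<afp:AttributeFilterPolicyGroup
    xmlns="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <!-- Reusable rule: only the controlled eduPersonAffiliation vocabulary is accepted -->
  <afp:PermitValueRule id="eduPersonAffiliationValues" xsi:type="OR">
    <Rule xsi:type="AttributeValueString" value="faculty"/>
    <Rule xsi:type="AttributeValueString" value="student"/>
    <Rule xsi:type="AttributeValueString" value="staff"/>
    <Rule xsi:type="AttributeValueString" value="employee"/>
    <Rule xsi:type="AttributeValueString" value="member"/>
    <Rule xsi:type="AttributeValueString" value="affiliate"/>
  </afp:PermitValueRule>

  <!-- Applies to assertions from every IdP (ANY); rules are per attribute id -->
  <afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="ANY"/>

    <!-- eppn: keep a value only if its scope (the part after '@') is one the
         issuing IdP is allowed to assert, per the <shibmd:Scope> in federation metadata.
         This stops one IdP from asserting identities belonging to another domain. -->
    <afp:AttributeRule attributeID="eppn">
      <afp:PermitValueRule xsi:type="saml:AttributeScopeMatchesShibMDScope"/>
    </afp:AttributeRule>

    <!-- Scoped affiliation: vocabulary check AND scope check -->
    <afp:AttributeRule attributeID="affiliation">
      <afp:PermitValueRule xsi:type="AND">
        <RuleReference ref="eduPersonAffiliationValues"/>
        <Rule xsi:type="saml:AttributeScopeMatchesShibMDScope"/>
      </afp:PermitValueRule>
    </afp:AttributeRule>

    <!-- Unscoped attributes the application actually needs: accept any value -->
    <afp:AttributeRule attributeID="mail">
      <afp:PermitValueRule xsi:type="ANY"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="displayName">
      <afp:PermitValueRule xsi:type="ANY"/>
    </afp:AttributeRule>

    <!-- No wildcard (attributeID="*") rule: attributes not listed here are dropped
         instead of being passed through to the application -->
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>
```

The scope rules only work if the federation metadata carries <shibmd:Scope> elements for each IdP, which is one reason the metadata provider in shibboleth2.xml should be the federation's signed file rather than a hand-maintained list. The /Shibboleth.sso/Session handler (with showAttributeValues enabled temporarily on a test host) shows which attributes passed the filter for the current session.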

6 IdP Configuration
- Shibboleth IdP is a Java web application.
- It performs all the authentication steps.
- User management is out of scope, and a separate tool has to be used.
- The latest version requires Tomcat 8 for deployment; a deployment file has to be defined.
- The configuration is in the conf directory where it is deployed.
- An Ansible role has been developed to perform the basic installation; an update and tests could be requested.

7 IdP Configuration
Main items to configure include:
- User authentication (ldap.properties)
- The attribute database (ldap.properties, attribute-resolver.xml and attribute-filter.xml)
- The accepted SPs (metadata-provider.xml)
User information can be stored in LDAP or an RDBMS (e.g. MySQL).
Software can be provided for basic user management in LDAP, but it has not been tested with Tomcat 8.
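On the IdP side, attribute-filter.xml decides which of the resolved attributes are released to which SP. The following file is an added example (not the presentation's, and not the IdP's shipped default) for a Shibboleth IdP v3 deployment. It assumes the attribute ids eduPersonPrincipalName, mail, displayName and eduPersonScopedAffiliation are defined in attribute-resolver.xml, and that the SP entityID and entity category value are placeholders to be replaced with the accepted SPs loaded through the metadata provider configuration.

```xml
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

  <!-- Policy 1: a specific, explicitly accepted SP (placeholder entityID).
       The requester is matched against the entityID taken from the SP's metadata,
       so an SP not present in the metadata provider never reaches this rule. -->
  <AttributeFilterPolicy id="releaseToExampleSP">
    <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org/shibboleth"/>

    <AttributeRule attributeID="eduPersonPrincipalName">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="displayName">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
  </AttributeFilterPolicy>

  <!-- Policy 2: release a minimal bundle to every SP that the federation metadata
       tags with a given entity category (placeholder value), instead of
       maintaining one policy per SP. -->
  <AttributeFilterPolicy id="releaseToCategory">
    <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://example.org/category/placeholder"/>

    <AttributeRule attributeID="eduPersonScopedAffiliation">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
  </AttributeFilterPolicy>

  <!-- No catch-all policy: an SP that matches neither rule receives no attributes at all.
       Release is default-deny; each attribute must be granted explicitly. -->
</AttributeFilterPolicyGroup>
```

Because the requester and entity-category checks are evaluated against the metadata the IdP has loaded, the list of "accepted SPs" on the slide is effectively the combination of the metadata provider configuration (who is known) and this file (what each of them gets). After changes, the IdP's aacli tool can be used to print the attributes that would be released to a given requester for a given user, which is a quick way to confirm that nothing unintended is granted.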

8 After Configuration
- When the IdP or SP is configured it should publish its own metadata.
- The metadata should be provided to the other services or to the federation.
- The generated metadata lacks some information, so it should be copied locally to the service and extended.
- The link to the extended version has to be provided.

9 Thank you! sci-gaia.eu

