Presentation is loading. Please wait.

Presentation is loading. Please wait.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus."— Presentation transcript:

1 UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus Wide LDAP was a subset of data from PH / QI –Applications used (and still use) LDAP or PH / QI to read user attributes –UCI’s PH / QI schema had a much larger set of attributes

2 WebAuth -- UCI’s Web SSO Custom built for UCI Info:http://www.nacs.uci.edu/help/webauth/http://www.nacs.uci.edu/help/webauth/ Authenticates a UCInetID Returns attributes to the application regarding the session Maps UCInetID to campusID, studentID, employeeID

3 Changes to the IdM Setup Shibboleth (Shib) does not come with a PH / QI data connector –LDAP required to be Shib attribute store –LDAP schema needs to be expanded to hold all PH / QI attributes –Attribute names also need change to reflect standard InetOrg naming. WebAuth Ideal Web SSO for use with Shib –Apache Module already written for use with WebAuth

4 Creating a Shib Origin Installation was easy using the guide on Internet2’s website. Origin runs on tomcat using ModJK connector to Apache UCI joined InQueue and InCommon Federations –InQueue, Internet2’s test federation is joined very easily –InCommon required documentation about UCI’s identity management practices

5 Testing Pilot origins to be tested with UCOP’s UC for Yourself benefits application. Testing found some things to be aware of: –Attribute Release Policies depend on SSL Client Verify Information –MetaData about federation must be current

6 Current Status New LDAP Schema in Production UCI is a member of InCommon Production != Use –Currently, zero UCI applications use Shib WebAuth and expanded attributes in LDAP is sufficient for internal use –External use depends on release policy agreements with other organizations

7 UCI’s Shib Potential Administrative Computing interested in Shib as a standard for vendor software authentication / authorization Library interested in Shib as replacement to VPN to access subscriptions –Some subscriptions already support the InCommon federation already such as Science Direct UC Wide wireless registration??

Download ppt "UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus."

Similar presentations

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,

Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Shibboleth and InCommon Copyright Texas A&M University 2008. This work is the intellectual property of the author. Permission is granted for this material.

Shibboleth and InCommon Copyright Texas A&M University This work is the intellectual property of the author. Permission is granted for this material.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
State of Information Technology Presentation for Faculty Council November 14, 2013 Mike Carlin Vice Chancellor for IT and CIO.

State of Information Technology Presentation for Faculty Council November 14, 2013 Mike Carlin Vice Chancellor for IT and CIO.
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.
Exploring InCommon Getting Started with InCommon: Creating Your Roadmap.

Exploring InCommon Getting Started with InCommon: Creating Your Roadmap.
INTEGRATION WITH OTHER IDM SOLUTIONS Remember… The primary goal of KIM was to build a service- oriented abstraction layer for Identity and Access Management.

INTEGRATION WITH OTHER IDM SOLUTIONS Remember… The primary goal of KIM was to build a service- oriented abstraction layer for Identity and Access Management.
I2Q & WMnet Pilot Presented by Jason Rousell – i2Q Jay Neale - i2Q.

I2Q & WMnet Pilot Presented by Jason Rousell – i2Q Jay Neale - i2Q.
7 October 2015 Shibboleth. Agenda  Shibboleth Background and Status  Why is Shibboleth Important (to Higher Ed)?  Current Pilots Course Management.

7 October 2015 Shibboleth. Agenda  Shibboleth Background and Status  Why is Shibboleth Important (to Higher Ed)?  Current Pilots Course Management.

Similar presentations

Ads by Google