Infrastructure for Multi-Professional Education and Training Using Shibboleth.

1 Infrastructure for Multi-Professional Education and Training Using Shibboleth

2 Shibboleth Demo Overview. The setting: a user of 'University A' (IDP) wants to access a Shibboleth-protected resource 'Test Resource 1' hosted on 'www.shibboleth.dmu.ac.uk' (SP). WAYF – Where Are You From? IDP – Identity Provider. SP – Service Provider.

3 Shibboleth Demo Summary. Phase 1: User connects to Resource and is Redirected. Phase 2: IDP Selection. Phase 3: User Authentication at Corresponding Home Organization. Phase 4: Access to Resource Granted.

4 Phase 1 - User connects to Resource and is Redirected cont’d

5 Phase 2 - IDP Selection cont’d

6 Phase 2 - IDP Selection cont’d

7 Phase 3 - User Authentication at Corresponding Home Organization cont’d

8 Phase 3 - User Authentication at Corresponding Home Organization cont’d

9 Phase 4 - Access to Resource Granted cont’d

10 Phase 4 - Access to Resource Granted cont’d

11 Phase 4 - Access to Resource Granted cont’d

12 Phase 4 - Access to Resource Granted cont’d

13 Transaction Summary

14 Notes

15 Phase 1 - User connects to Resource and is Redirected. When the user tries to access the resource, one of two things can happen. A. The user is granted access to the resource directly: the user already has a valid Shibboleth session, so access is granted immediately. This is the case if the user previously authenticated. B. The user is redirected to the WAYF server: when the user tried to access the resource, the web server on that host detected that the user had not set up a Shibboleth session and therefore redirected the user to the WAYF server.

16 Phase 1 - User connects to Resource and is Redirected cont’d. Step 1: When the user tried to access the resource, the user's web browser sent an HTTP request to 'shibboleth.dmu.ac.uk' for the web page '/test_resource/resource1.jsp'. Step 2: The web server answered with an HTTP Redirect to the WAYF server located at 'shibboleth.dmu.ac.uk/shibboleth-wayf/WAYF' because the user was not yet Shibboleth authenticated. See Diagram.

17 Phase 2 - IDP Selection. Step 3: The WAYF server sent the user's web browser an HTML web page with a pop-up list of all available IDPs. See Diagram. See Screenshot.

18 Phase 3 - User Authentication at Corresponding Home Organization. Step 4: The user's web browser sent the form data to the WAYF server 'shibboleth.dmu.ac.uk/shibboleth-wayf/WAYF' for the web page '/test_resource/resource1.jsp'. The data sent is essentially the IDP you selected. Step 5: The WAYF server sent your web browser an HTTP Redirect that made your web browser send an HTTP Request for the Tomcat form login page of your IDP. Step 6: The web server of the Desktop IDP ('idp.shibboleth.dmu.ac.uk'), if selected as your IDP, answers with its Tomcat form login web page. See Diagram. See Screenshot.

19 Phase 4 - Access to Resource Granted. Step 7: When you clicked on 'Log in', your web browser submitted your user ID and password (your 'Credentials') to the web server of your IDP ('idp.shibboleth.dmu.ac.uk'). Step 8: The web server checks the validity of the user ID and password provided. An HTTP Redirect is sent to your web browser that forwards you to the resource you initially requested. Together with this redirect, your web browser receives a handle (some opaque data). The web browser forwards this handle to the web server of the resource. See Diagram.

20 Phase 4 - Access to Resource Granted cont’d. Step 9: When the web server of the resource receives a handle from a user, it directly sends an attribute request to the user's IDP, presenting the handle it just received. Step 10: At the Home Organization, the handle received from the resource is checked. To be valid, it must be presented by the resource it was issued for in step 8 and in time, i.e. before its timeout is reached. If valid, the requested attributes of the user referred to by the handle are transmitted to the resource and checked against the attribute restraints placed on the resource. If the attributes satisfy the restraints, the target resource is shown; otherwise an error page is shown stating that the user is not authorised. See Diagram.
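The handle checks of steps 8 to 10 (issued for one resource, valid only until its timeout, then attributes released and matched against the resource's restraints), as an added Python example that is not code from the presentation or from Shibboleth itself. The resource identifier, attribute names, 300-second lifetime and single-use handling are assumptions for this demo.

```python
import secrets
import time

HANDLE_TTL_SECONDS = 300  # assumed lifetime; the slides mention a timeout but not its value

# Constructed attribute store for the demo IdP (not real user data).
USER_ATTRIBUTES = {
    "alice": {"eduPersonAffiliation": "staff", "department": "nursing"},
    "bob": {"eduPersonAffiliation": "student", "department": "history"},
}


class HandleService:
    """Step 8 issuance and step 10 validation of the opaque handle at the IdP."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._handles = {}  # handle -> (user, resource it was issued for, expiry time)

    def issue(self, user, resource):
        handle = secrets.token_urlsafe(16)  # opaque and unguessable
        self._handles[handle] = (user, resource, self._clock() + HANDLE_TTL_SECONDS)
        return handle

    def resolve(self, handle, requesting_resource):
        """Return the user the handle refers to, or None if the handle is unknown,
        presented by a resource other than the one it was issued for, expired,
        or reused (single use is an assumed hardening, not stated on the slides)."""
        entry = self._handles.pop(handle, None)
        if entry is None:
            return None
        user, resource, expires_at = entry
        if resource != requesting_resource or self._clock() > expires_at:
            return None
        return user


def attribute_request(service, handle, resource):
    """Steps 9/10: the resource presents the handle; the IdP releases attributes or nothing."""
    user = service.resolve(handle, resource)
    return None if user is None else dict(USER_ATTRIBUTES.get(user, {}))


def access_granted(attributes, restraints):
    """Step 10, resource side: every restraint must be met by the released attributes."""
    if attributes is None:
        return False
    return all(attributes.get(name) == value for name, value in restraints.items())
```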

