Service Provider. Background Versions 1.2 1.3 (since July ‘05) 2.0 (beta expected May ‘06)


1 Service Provider

2 Background

3 Versions
  1.2
  1.3 (since July ’05)
  2.0 (beta expected May ’06)

4 Platform
  cross-platform C++
    Microsoft IIS via ISAPI
    Apache httpd 1.3 & 2.0
  Java
    shib 2.0

5 Service Provider (diagram)
  shibd
  apache + mod_shib
  Identity Provider

6 Building it

7 Binaries
  Redhat RPMs since 1.3
  much easier (if suitable)
  http://shibboleth.internet2.edu/latest.html

8 Documentation
  Dropped from shib docs as of 1.3 in favour of wiki...
  ...but partially missing from wiki
  https://authdev.it.ohio-state.edu/twiki/ (select “Shibboleth Web”)

9 Install guide
  Not part of our original project plan...
  ...but in draft.

10 Dependencies: easy
  apxs (apache-dev)
  libssl-dev
  libcurl-dev
  Should be available with your O/S

11 Dependencies: intermediate
  opensaml
  libxml-security-c

12 Dependencies: harder
  xerces-c: via Internet2, bug in upstream
  log4cpp: via Internet2, project in limbo

13 Other bits
  Service (/etc/init.d) script: steal from the redhat packages if your init.d works the same

14 First go
  Hello world
  local to apache server
  no internal Auth{N/Z} notion

15 example

16 First go
  set wayfURL to your local IDP
  self-signed certificates
  logout?

17 Authorization

18 access control
  by the server
  by the application
  by a framework

19 application-managed

20 server-managed
  apache: httpd.conf / .htaccess files
  shibboleth: 1.3b, XML-based

21 apache-based
  Require entity-name [entity-name]

22 shibboleth-based
  relatively new, added in 1.3b
  performance questions

23
  member@dur.ac.uk
  member@ncl.ac.uk
  urn:mace:example.edu:exampleEntitlement

24 dealing with walk-ins
  “kiosk”-types, e.g. library terminals
  mod_auth_location
  http://staff.washington.edu/fox/authlocation/module.html

25 framework-managed
  Java AuthN & AuthZ Services (JAAS)
  Active Directory Federation Services (ADFS): covered later

26 Use Cases

27 A real service
  a local app with internal user auth{N/Z}
  hack in “trusting” an environment variable, e.g. $REMOTE_USER
  on-the-fly account creation
  deletion?
  logout?

28 Example: sympa
  mailing list manager
  attributes via environment variables
  app-configurable mapping
  authorization handled by apache
  a canonical URL defined by sympa

29 Sympa’s logout
  two-stage login:
    authenticated by shibboleth
    explicitly asked to be “logged in”
  (demo)

30 external services
  shibboleth/apache front-end
  “black-box” back-end
  e.g. proxying (via mod_proxy) or fastCGI

31 Service Provider (diagram)
  shibd
  apache + mod_shib
  Identity Provider

32 back-end / front-end (diagram)
  front-end: apache + mod_shib + shibd + mod_proxy
  back-end
  Identity Provider

33 mod_proxy front-end
  ProxyPass /jon http://front.ncl.ac.uk
  ProxyPassReverse /jon http://front.ncl.ac.uk
  AuthType shibboleth
  ShibRequireSession on
  Require valid-user

34 On the back-end
  Order deny,allow
  Deny from all
  Allow from shib-front-end.ncl.ac.uk

35 Shortcomings
  IP spoofing on the back-end
  cookie scope
  certificate scope
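The front-end/back-end split of slides 33–35, written out as an added Apache 2.0 configuration (not from the talk): the back-end keeps the address check from slide 34 but additionally requires a shared-secret header that only the front-end adds, so reaching the back-end from the allowed address is no longer enough on its own. The hostnames, the /jon path, the address 192.0.2.10 and the X-Proxy-Secret header are assumed for illustration.

```apache
## ---- front-end (runs mod_shib + shibd + mod_proxy) ----
## Note on the "cookie scope" shortcoming: the Shibboleth session cookie is
## scoped to this host; ProxyPassReverse rewrites only the Location,
## Content-Location and URI response headers, not cookies.
ProxyRequests Off                        # reverse proxy only, never an open proxy
ProxyPass        /jon http://shib-backend.example.org/jon   # assumed back-end
ProxyPassReverse /jon http://shib-backend.example.org/jon

<Location /jon>
    AuthType shibboleth
    ShibRequireSession on
    Require valid-user

    # Tag every proxied request with a secret known only to this host.
    # "set" replaces any header of the same name a client may have supplied.
    RequestHeader set X-Proxy-Secret "CHANGE-ME-long-random-value"
</Location>

## ---- back-end (the "black-box"; no Shibboleth installed) ----
## Slide 34 allows by hostname, which makes the decision depend on a
## double-reverse DNS lookup; allow by address instead, and AND that with
## the shared secret using mod_rewrite (RewriteCond cannot be OR'd away by
## a later "Allow from", unlike a second Allow line would be).
RewriteEngine On
RewriteCond %{HTTP:X-Proxy-Secret} !^CHANGE-ME-long-random-value$
RewriteRule ^/jon - [F]                  # missing or wrong secret -> 403

<Location /jon>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10                # assumed front-end address
</Location>
```

Rotate the secret together on both hosts; on the back-end the RewriteCond rejects requests with a missing header as well as a wrong one, because an absent header expands to an empty string that fails the match.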

36 example again
