Unicon IAM Update
CAS, Shibboleth, Grouper

13 February 2014Mike Grady Misagh Moayyed

Audio is via Adobe Connect. There is no phone dial-in.

Welcome to this briefing

Updates on CAS, Shibboleth and Grouper

Unicon contributions to CAS, Shibboleth and Grouper

Unicon's Open Source Support

Thanks, Q&A

Unicon's CAS strategy* Participate directly in CAS* Develop open source software on behalf of clients* Inform maintenance development through supportYou have to source your support somewhere* In-house staff* Goodwill and engagement of the community* Commercial partner (e.g., Unicon)* (Reality Often combination of these)Unicon's "Cooperative" Support* Cooperates with you, your staff, the community* Support experiences yield improved public documentation* Support-inspired and subscriber-needs-guided open source maintenance development** Directly in and available for adoption with the Jasig CAS softwareThank you to our support subscribers!* Support subscriptions make Unicon maintenance development possible* Support experiences and subscriber input guide Unicon maintenance development towards the worthwhile

Introduction:
Mike Grady

IAM, Shibboleth, CAS, Internet2 Scalable Privacy

36 years at University of Illinois before Unicon

Unicons Open Source Support for Shibboleth technical lead

Introduction:
Misagh Moayyed

IAM, Shibboleth, CAS, uPortal, uMobile

2 years full time with Unicon

Unicons Open Source Support for CAS technical lead

This session is being recorded.

Will post after:

Slides

Notes blog post with useful hyperlinks

Slidecast with audio

Observations and Highlights

Identity Week, November 11-15 2013: REFEDS, CAMP, ACAMP
Burlingame, CA

Apereo Camp, January 27-30 2014:
CAS, uPortal, OpenRegistry, Sakai
Mesa, AZ

Past Events

Upcoming Events

Shibboleth Workshop Series - March 24-25
Durham, NC

Internet2 Global Summit - April 6-10
Denver, CO

Open Apereo 2014 - June 1-4
Miami, FL

Internet2 Technology Exchange Oct 26-30
Indianapolis, IN

Highlights
About CAS

CAS4

RC3 released. To RC4 and beyond...

APIs to support MFA use cases

Password policy improvements

CAS documentation revamp;
See http://jasig.github.io/cas

CAS4 - Documentation

Highlights
About Shibboleth

Shibboleth

IdP v3 development in progress;
https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details

Community news at http://shibboleth.net/community/news

Latest versions: IdP v2.4.0, SP v2.5.3

Identity Provider v3

Release Goals:Support extensions (i.e uApprove) within profiles

Improve rough spots in the API

V2 protocol interoperable; API-incompatible
https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design

Q3 Fall 2014 release is planned

Multi-Context Broker
https://github.com/Internet2/Shibboleth-Multi-Context-Broker

IdP LoginHandler to orchestrate among multiple authentication contexts, including MFA.

Provide support for InCommon Assurance initative

Pluggable authentication modules

V1.0.0 is now available

Highlights
About Grouper

Grouper v2.2
http://goo.gl/5LrGAR

Release expected by late Spring

Services in Grouper

Ability to write SCIM

Improved Grouper configuration

...and...

New Grouper UI!
http://grouper-ui.uchicago.edu/hifi

Highlights About Unicon Participation in CAS, Shibboleth and Grouper

Open Source Support

Support for open source software as adopted by the community

Unicon collaborates to maintain the supported open source software making it more supportable and valuable to subscribers

Act in the best interests of the subscribers, of the community, and of Unicon

CAS-related progress

CAS

Password policy improvements

Attributes in the CAS response

cas-addons

https://github.com/Unicon/cas-addons

Latest available release: 1.10

New extensions:Hazelcast ticket registry

Dynamic login view selection

Request-based ticket expiration policy

cas-addons - HazelcastTicketRegistry

UniconLabs
https://github.com/UniconLabs

cas-strap

cas-sso-sessions-report

service-registry-pattern-tester

...

Shibboleth-related progress

Shib-CAS authenticator v2

https://github.com/UniconLabs/shib-cas-authn2

CAS LoginHandler for Shibboleth Idp v2.x

Simpler, externalized configuration

No context-sharing requirement

Communicate the entityId to CAS

Currently in BETA status

Shib-CAS authenticator v2

CAS-Shibboleth:
Integration possibilities

Shib-CAS-authenticator v2 combined with Multi-Context broker?

CAS attributes to supplement the IdP's authentication context?

CAS to resolve/release attributes to the IdP?

...reduce duplicate configuration and overhead

Shib-Config-UI

https://github.com/UniconLabs/shib-config-ui

Web interface to explore the configuration:What attributes are released to this SP?

What is the SSO session length?

Further UI enhancements and features planned

Future work

In discussion with developer community to find more ways to assist

Finalizing Tomcat7 DTA-SSL

Particular missing features you need?

Grouper-related progress

AuthZ Connectors

Grouper & Apache Shiro

Grouper & Spring Security

Grouper & .NET Framework

Grouper & Person Directory

Grouper & OAuth w/ CAS

https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions

More potential

Additional authZ connectors?

CAS-SSO for Grouper?

Grouper & uPortal: Roles and Permissions?

Next Steps

What we do

Collaborate to maintain current stable recommended releases

Work towards next releases

Explore extensions and opportunities

Responsive to inputs from subscriber experiences

Explicit requests

Learn from providing support

Empathize with your needs and projects

Feedback welcome

Subscribers are welcome encouraged to get in touch directly if youd like any of this information contextualized to your specific situation. E.g., Should I upgrade to the next release of shib-cas-authenticator?

By all means, do get in touch.

Lets do this again.

Next Unicon IAM Update:

Thursday June 19th 2014

12 PM MST

Questions / Discussion via Adobe Connect chat?

Mike Grady,
Support for Shibboleth Technical Lead mgrady@unicon.net

Misagh Moayyed,
Support for CAS Technical Lead
mmoayyed@unicon.net

(License)

This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/.

Photo credits

Personal photos of Mike, and Misagh: all rights reserved.

Microphone:
http://www.flickr.com/photos/deanhp/3711222265/
http://creativecommons.org/licenses/by/2.0/deed.en