campuses new to shibboleth: websso barry johnson

Post on 18-Jan-2018



Campuses New to Shibboleth: WebSSO

Barry Johnson
hbj@clemson.edu

Who is this guy?
• 18 years with Clemson IT
• Director of Services Engineering
• Developer and Sysadmin at heart
• Creator of Clemson’s current WebSSO system

“We aren't doing science here, we're just trying to get people logged on” - Mike Marshall

Overview
• Why use Shib?
• How does it work?
• Getting Started
• Installation
• The Experience
• Info for Developers

Why use Shib for SSO?
• Multi-platform
• Built on proven technologies
• An enabler for secure collaboration

How does it work?

What do I need to get started?
• A solid identity store for Authentication
  • LDAP
  • SQL
  • A good API
• Server Resources for the IDP
• Good Sysadmins
  • Apache, Tomcat, IIS, XML, PKI

Installation
• IDP – Identity Provider
• SP – Service Provider

Installation: IDP
• Install Apache
• Install Tomcat
• Front IDP with Apache and delegate authentication to Apache
• Configure trust
  • idp.xml, arp.xml, etc...

https://spaces.internet2.edu/display/SHIB/InstallingShibboleth

Installation: SP
• LAMP: Apache module and a daemon
• IIS: ISAPI module and service
• Configure trust
  • shibboleth.xml, aap.xml, etc...

https://spaces.internet2.edu/display/SHIB/InstallingShibboleth

Shib: The Experience
• Users
  • They may thank you, or they may not even notice
• Developers
  • If they already delegate authentication to the server, they may not notice either
  • If they currently handle authentication themselves, they may love or hate you.
• Security & Sysadmins
  • They'll thank you later

Developers
• Who is logged in?

User information is in the headers
• PHP: $_SERVER['REMOTE_USER']
• ASP: Request.ServerVariables("REMOTE_USER")
• JSP: request.getHeader("REMOTE_USER")
• Perl: $ENV{"REMOTE_USER"}
• http://shib.kuleuven.be/download/sp/test_scripts/
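An added example, not from the slides: the same "who is logged in?" lookup in a Python WSGI application, assuming the web server in front of it exports the authenticated name as the CGI variable REMOTE_USER. It reads only that server-set variable and refuses the request when it is missing; a client-sent Remote-User header arrives as HTTP_REMOTE_USER and is ignored. The names current_user, app and call are illustrative.

```python
# Added example. Assumption: the web server (with its SP module) sets the
# CGI variable REMOTE_USER after a successful login, as in the PHP/Perl lines.
from wsgiref.util import setup_testing_defaults


def current_user(environ):
    """Return the user name set by the web server, or None.

    Only the CGI variable REMOTE_USER is consulted. A request header named
    Remote-User arrives as HTTP_REMOTE_USER and is deliberately ignored,
    because the client controls its value.
    """
    user = environ.get("REMOTE_USER", "").strip()
    return user or None


def app(environ, start_response):
    """Minimal WSGI app: greet the authenticated user or refuse."""
    user = current_user(environ)
    if user is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"No authenticated user\n"]
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [("Hello, %s\n" % user).encode("utf-8")]


def call(extra):
    """Run the app on a constructed request; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)  # fills in the mandatory WSGI keys
    environ.update(extra)
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body


if __name__ == "__main__":
    # Constructed requests, not captured traffic.
    print(call({"REMOTE_USER": "jdoe"}))       # variable set by the server
    print(call({"HTTP_REMOTE_USER": "jdoe"}))  # header supplied by a client
    print(call({}))                            # no login at all
```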

Again, why Shib?
• So much more than WebSSO

Enabler for secure collaboration
• sharing web resources beyond your institution

Tool for implementing privacy policies
• clearing house for user attributes

Tool for role-based authorization
• enables fine-grained control based on user attributes

Learn more
• Come to our next session:
  June 26 Tuesday 10:15-11:30
  Campuses New to Shibboleth: Attribute Delivery
• On-line resources: http://shibboleth.internet2.edu

Questions?
