Federation Systems, ADFS, & Shibboleth 2.0


Federation Systems, ADFS, & Shibboleth 2.0
Chad La Joie, clajoie@georgetown.edu
Georgetown University / Internet2

Federations
- Foundation for business relationships
- Provide common:
  - Policy base
  - Protocol and attribute definitions
  - Participant endpoint metadata
  - Business practices
- Inter-federation agreements
- Bi-lateral and multi-lateral trust at both the business and the technical level

Federation Systems
Federation systems are not:
- Virtual/meta directories
- Identity management systems
- Account provisioning systems
- Authentication systems
- Authorization systems

Federation Systems
Federation systems:
- Use existing identity management systems
- Transmit authentication information
- Transmit identity attributes
- Release information based on policy
- Identify, authenticate, and secure communication between endpoints

Active Directory Federation Service
- WS-Federation Passive Profile
- Interoperability scenario
- SAML 1.1 assertion payloads
- Web application, single sign-on focused
- Supported in Windows Server 2003 R2
- Is not related to InfoCard

Active Directory Federation Service: Strong Points
- Remote users mapped onto AD accounts and groups without need for shadow accounts
- Exposes AD users and attributes to standalone applications hosted on heterogeneous platforms
- Easy to enable ADFS Account Partner (IdP) support for an AD system

Active Directory Federation Service: Weak Points
- Currently does not interoperate with MS products like Outlook Web Access
- Endpoints described by non-standard metadata
- Resource provider setup is confusing
- Almost non-existent documentation of PKI mechanics
- Difficult to implement mechanics to deal with new attributes
- No plans to continue development of WS-Fed; InfoCard is the future

Shibboleth 2.0: What's New
- Internalized authentication and a concept of a user session
- Support for SAML 2.0 Single Sign-On, Single Logout, and Attribute Query
- Persistent identifiers
- Enhanced Attribute Authority and connectors
- Java Service Provider
- Better documentation
- Scheduled for release end of 2006
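The persistent identifiers listed above are pairwise: the IdP derives one opaque value per (user, SP) so that two SPs cannot correlate the same person. As an added example (not code from the slides or from the Shibboleth project), here is one way to derive such a value and wrap it in a SAML 2.0 persistent NameID in Python; the entity IDs, salt and user key are constructed, and the exact concatenation mirrors what I recall of the Shibboleth 2 IdP's computed-ID connector, so treat it as an assumption and check your IdP's configuration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PERSISTENT_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample values (not from the slides): the IdP's secret salt and one user's
# internal key. The salt never leaves the IdP; the user key is never released as-is.
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"
IDP_SALT = b"constructed-secret-salt-at-least-16-random-bytes"
SOURCE_ID = "jdoe"

def computed_persistent_id(sp_entity_id: str, source_id: str, salt: bytes) -> str:
    """Derive a pairwise persistent identifier for (user, SP).

    Shape assumed here: Base64(SHA-1(spEntityID + "!" + sourceID + "!" + salt)), as I
    recall the Shibboleth 2 computed-ID connector building it; verify against your IdP.
    Because the SP entityID is an input, two SPs receive different values for the same
    user and cannot correlate accounts; because the salt is secret, an SP cannot
    brute-force the value back to the source ID.
    """
    material = sp_entity_id.encode() + b"!" + source_id.encode() + b"!" + salt
    return base64.b64encode(hashlib.sha1(material).digest()).decode()

def build_persistent_nameid(idp_entity_id: str, sp_entity_id: str, value: str) -> ET.Element:
    """Wrap the value in a SAML 2.0 <NameID> with the persistent format and qualifiers."""
    name_id = ET.Element(f"{{{SAML2_NS}}}NameID")
    name_id.set("Format", PERSISTENT_FORMAT)
    name_id.set("NameQualifier", idp_entity_id)    # who issued the identifier
    name_id.set("SPNameQualifier", sp_entity_id)   # which SP it is scoped to
    name_id.text = value
    return name_id

def sps_can_correlate(sp_a: str, sp_b: str, source_id: str, salt: bytes) -> bool:
    """True only if two different SPs would see the same identifier (a privacy failure)."""
    return computed_persistent_id(sp_a, source_id, salt) == computed_persistent_id(
        sp_b, source_id, salt
    )

if __name__ == "__main__":
    sp = "https://library.example.org/shibboleth"
    nid = build_persistent_nameid(IDP_ENTITY_ID, sp, computed_persistent_id(sp, SOURCE_ID, IDP_SALT))
    print(ET.tostring(nid).decode())
```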

Shibboleth 2.0: What's the Same
- SAML 1.0 and 1.1 support
- U.S. eAuth and ADFS support
- Apache/IIS/iPlanet C++ SP
- ARP and AAP policies
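The ARP and AAP policies kept in Shibboleth 2.0 are the mechanism behind "release information based on policy" on the Federation Systems slide: the IdP's attribute release policy decides which attributes (and values) each SP may see, and the SP's attribute acceptance policy decides which attributes it will trust and from which issuer. As an added example (not Shibboleth code), a small Python evaluator for both sides; the entity IDs, attribute names and policies are constructed.

```python
# Constructed entity IDs, attributes and policies (not from the slides).
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"
LIBRARY_SP = "https://library.example.org/shibboleth"
HR_SP = "https://hr.example.edu/shibboleth"

# Attributes the IdP holds for one user (constructed).
USER_ATTRIBUTES = {
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "eduPersonAffiliation": ["student", "member"],
    "mail": ["jdoe@example.edu"],
    "employeeNumber": ["00123"],
}

# ARP (IdP side): per-SP allow-list. None means any value; a set restricts the values
# that may be released. An SP with no entry receives nothing (deny by default).
ARP = {
    LIBRARY_SP: {"eduPersonAffiliation": {"student", "faculty", "member"}},
    HR_SP: {"eduPersonPrincipalName": None, "employeeNumber": None},
}

# AAP (SP side): which attributes the SP will accept, and which issuer may assert them.
AAP = {
    LIBRARY_SP: {
        "accept": {"eduPersonAffiliation", "eduPersonPrincipalName"},
        "issuers": {IDP_ENTITY_ID},
    }
}

def release(sp_entity_id, attributes, arp=ARP):
    """IdP: apply the ARP and return only the attribute values this SP may see."""
    rules = arp.get(sp_entity_id, {})
    released = {}
    for name, values in attributes.items():
        if name not in rules:
            continue  # attribute is not released to this SP at all
        allowed = rules[name]
        kept = [v for v in values if allowed is None or v in allowed]
        if kept:
            released[name] = kept
    return released

def accept(sp_entity_id, issuer, released, aap=AAP):
    """SP: apply the AAP; drop everything from an untrusted issuer or outside the accept list."""
    policy = aap.get(sp_entity_id)
    if policy is None or issuer not in policy["issuers"]:
        return {}  # no policy for this SP, or untrusted issuer: accept nothing
    return {n: v for n, v in released.items() if n in policy["accept"]}
```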

Shibboleth 2.0: What's Not There
- Delegation/proxy/N-tier support
- SAML 2.0 NameID mapping/management
- WS-Security and WS-SX support
- Account linking