Federated Identity to Support Collaboration in the CIC

Tim Newcomb, CIC
Marko Stojkovic, CIC
Rahul Doshi, Indiana University

Copyright Tim Newcomb, Marko Stojkovic, Rahul Doshi 2009. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the authors.

Member schools of CIC, the Committee on Institutional Cooperation, have joined the InCommon Federation and are federating their first application together! CICme, the CIC's online collaboration tool, based on Microsoft SharePoint, was selected first for its ability to allow all CIC users to use their home usernames and passwords to access a wide range of interactive tools to support their work. We will discuss the goals of the project, the issues we faced, and the technology and processes we developed to implement our federated solution.

Agenda
- About the CIC
- CICme built on MS SharePoint & Shibboleth
- Overview/Demo of CICme Solution
- Challenges Faced
- Q & A

What We Do
- Leverage resources for cost efficiency
- Share resources such as laboratories and libraries
- Accelerate the adoption of best practices
- Provide academic leadership for the region

University of Chicago, University of Illinois, Indiana University, University of Iowa, University of Michigan, Michigan State University, University of Minnesota, Northwestern University, Ohio State University, Pennsylvania State University, Purdue University, University of Wisconsin-Madison

- Based on Microsoft SharePoint (WSS 3.0)
- CIC groups share documents and other resources
- CICme sites are private – only CIC group accessible
- Accessible by Federated and Non-Federated users alike

Why Federate CIC Institutions?
- Create common authentication framework
- Reduce user hassle by using familiar campus logins
- Allow local campus to set login security requirements

Peer Collaboration (diagram: UIUC, Purdue, UC, Mich, PSU, IU, NWU, Iowa, OSU, MSU, Minn, UW-Mad)

CIC Collaboration (diagram: CICme with UIUC, Purdue, UC, Mich, PSU, IU, NWU, Iowa, OSU, MSU, Minn, UW-Mad)

InCommon Federation Unites Authentication (diagram: CICme with UC, UW-Mad, UIUC, Purdue, IU, PSU, Iowa, OSU, Mich, NWU, MSU, Minn)

CICme Federation Timeline
- Spring 2008: Selection of CICme as pilot application
- Summer 2008: All CIC members join InCommon
- Fall 2008: Design membership provider based on MS SQL provider for CICme
- Feb 17, 2009: CICme conversion to Federated access complete

Next Steps
- Potential projects:
  - Attribute Release Standardization
  - Cross-Registration for Courses
  - HathiTrust (SDR)

Solution Overview
- CICme
- ASP.NET Forms Authentication
- ASP.NET Authorization
- Direct (username/pwd)
- Shibboleth
- SQL Role Provider
- SQL Membership Provider
- SQL Membership DB (users and roles)

Solution Overview – Cont.
- Shibboleth Lazy Session
- Attributes
- eduPersonPrincipalName (ePPN) as username

Authentication Process (flow diagram labels)
- Local Campus Login System
- Username (ePPN)
- Locate User in Memb. Db
- Federated User
- CICme Login Page
- ASP.NET Forms Authentication
- Authorization
- Non-Federated User
- SQL Role Provider
- Direct Authentication
- SQL Membership Provider
- Username + Password
- Requested CICme Page

Challenges Faced
- Logout – similar to SSO logout issues
- User profile information

Migration Strategy for CICme Users
- How do we collect ePPN?
- Email search match
- Copy roles and profile
- Request Access
- Minimize Attribute release
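
The ePPN lookup from the Authentication Process slide and the email-match migration from this slide, modeled in Python as an added example; it is not the CIC's membership provider code. The in-memory database, the `federated` flag, the account names, and the rule that only a single unambiguous email match is linked automatically are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str                 # ePPN once federated, local name before
    email: str
    federated: bool = False
    roles: set = field(default_factory=set)
    profile: dict = field(default_factory=dict)

class MembershipDb:
    """In-memory stand-in for the SQL membership DB (users and roles)."""
    def __init__(self, accounts):
        self.users = {a.username.lower(): a for a in accounts}

    def legacy_by_email(self, email):
        wanted = email.strip().lower()
        return [a for a in self.users.values()
                if not a.federated and a.email.lower() == wanted]

def federated_login(db, eppn, mail=None):
    """Resolve an ePPN asserted by the campus login to a CICme account."""
    key = eppn.strip().lower()
    if key in db.users and db.users[key].federated:
        return "login", db.users[key]            # already keyed by ePPN
    matches = db.legacy_by_email(mail) if mail else []
    if len(matches) != 1:                        # none, or ambiguous: no auto-link
        return "request_access", None
    old = matches[0]
    new = Account(eppn, old.email, True, set(old.roles), dict(old.profile))
    db.users[key] = new                          # copy roles and profile
    return "migrated", new

def sample_db():
    """Constructed sample data; names and domains are made up."""
    return MembershipDb([
        Account("asmith", "A.Smith@example.edu", roles={"Library Group"},
                profile={"display": "A. Smith"}),
        Account("ops1", "shared@example.edu", roles={"IT Group"}),
        Account("ops2", "shared@example.edu", roles={"Purchasing Group"}),
    ])

if __name__ == "__main__":
    db = sample_db()
    for eppn, mail in [("asmith@example.edu", "a.smith@example.edu"),
                       ("asmith@example.edu", None),
                       ("ops@example.edu", "shared@example.edu")]:
        print(eppn, federated_login(db, eppn, mail)[0])
```

After the first federated login the mail attribute is no longer needed to find the account, which is consistent with minimizing attribute release to the ePPN.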

Next Steps
- Facilitate development of CIC wide attribute release standardization
- Federate more CIC wide applications

Contact us:
Tim Newcomb, Network Analyst
tdnewk@staff.cic.net
Marko Stojkovic, Information Technology Specialist
mjstojkov@staff.cic.net
Committee on Institutional Cooperation
1819 South Neil Street, Suite D
Champaign, IL 61820-7271
Phone: 217-333-8475
www.cic.net

Contact us:
Rahul Doshi, Lead Analyst, Identity Management Systems
rdoshi@indiana.edu

Resources
- CIC: http://www.cic.net/
- InCommon: http://www.incommonfederation.org
- CIC Article “One Password Fits All”: http://www.cic.net/Libraries/Reports/OnePasswordFitsAll.sflb.ashx

Thank you! Questions?