The Future of Campus Single Sign-On

Slides:

Advertisements

Similar presentations

>> Fronter Helsinki, April 8 th, 2008 Aleksander Pettersen.

Advertisements

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.

Eric Raff. Usergroup up

Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Financial Upgrade 8.8 Update. Status Fit Gap Complete Fit Gap Complete Design in Progress Design in Progress Development in Progress Development in Progress.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.

Grouper UI Part 1 Shilen Patel Duke University This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,

Integrating with UCSF’s Shibboleth system

SAML 2.0: Federation Models, Use-Cases and Standards Roadmap

Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,

Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.

Navigating the Standards Landscape Andrew Owen SEARCH.

Federated Identity and Shibboleth Concepts Rick Summerhill Chief Technology Officer Internet2 GEC3 October 29, 2008 Slides by Nate Klingenstein

Shibboleth: An Introduction

Current list of common attributes of the EDIT federation Single Sign-On for the EDIT platform Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller² 1 Freie.

MAT U M A T U Middleware Assisted Take-Up Service For JISC Funded Early Adopters.

Learning Management System Conversion August 2010.

INFSO-RI Enabling Grids for E-sciencE SA1 and gLite: Test, Certification and Pre-production Nick Thackray SA1, CERN.

Payment in Identity Federations David J. Lutz Universitaet Stuttgart.

PAPI: Simple and Ubiquitous Access to Internet Information Services JISC/CNI Conference - Edinburgh, 27 June 2002.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Campuses New to Shibboleth: WebSSO Barry Johnson

EMI is partially funded by the European Commission under Grant Agreement RI Federated Grid Access Using EMI STS Henri Mikkonen Helsinki Institute.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

SAML Interoperability Lab RSA Conference Agenda SAML and the OASIS SSTC SAML Timeline Brief SAML History SAML Interop Lab Q & A Demo.

Tutorial on Science Gateways, Roma, Riccardo Rotondo Introduction on Science Gateway Understanding access and functionalities.

General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen.

Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,

The FederID project The First Identity Management and Federation Free Software.

UMA and OpenID Connect Plugins for Apache It would be so awesome if we (meaning the citizens of the Internet) had plugins for popular web servers to make.

IT Services Shibboleth Single Sign-On overview. Overview What/where/why? The UK-Federation/Registration Terminology Configuration Protecting Content Benefits.

Improving Extending the Shibboleth Identity Provider User Experience Keith Hazelton University of Wisconsin-Madison William G. Thompson, Jr. Unicon, Inc.

Access Policy - Federation March 23, 2016

Using Your Own Authentication System with ArcGIS Online

Shibboleth Architecture

Identity and Access Management (IAM) Update on Initiatives – Presentation to Systems Governance Group Bruce Vincent, UIT September 26, 2016 Randy asked.

Experiences to Date Faculty of Engineering April 2017

Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd

Analyn Policarpio Andrew Jazon Gupaal

Federation made simple

Shibboleth Roadmap

Federation Systems, ADFS, & Shibboleth 2.0

Extending Authentication to Members of Social Networks

HMA Identity Management Status

Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support

John O’Keefe Director of Academic Technology & Network Services

Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)

Quickr-J Integration with the IBM portfolio (Notes, Sametime, Connections, ECM & WebSphere Portal) Quickr SVT - Mark Curran.

Identity Federations - Installation and operation

SERVICENOW ADMIN & ADVANCED ONLINE TRAINING

API Documentation Guidelines

Shibboleth Implementation in EZproxy

Authentication Protocol

What’s changed in the Shibboleth 1.2 Origin

Simplified Development Toolkit

IST346: Namespaces, Identity Management

Shibboleth 2.0 IdP Training: Introduction

User Provisioning Project

INTEGRATIONS WITH Single Sign-On

Presentation transcript:

The Future of Campus Single Sign-On Warren Leung

Brief History WebAuth 90’s home grown Single Sign On (SSO) system Widely deployed on campus – 400+ applications Works only for applications hosted at UCI Security Assertion Markup Language (SAML) – Shibboleth SAML 1.0 released in 2000’s OASIS Standard Federation enabled Gaining adoption – 100+ applications at UCI This is the next step forward

Why? Standards based Reduced application development overhead - no additional LDAP call for data Real-time data delivery at sign in Widely adopted world wide Federation Support Language agnostic Secure

Tentative Timeline End of October 2020 – 2021 2021 – 2022 Early 2022 New Look and Feel for WebAuth and Shibboleth UI 2020 – 2021 Provide training and how to documentation to assist users migrating New SSO integrations should be SAML based and not WebAuth Begin migrating WebAuth based applications to SAML 2021 – 2022 Migrate all remaining WebAuth Applications Early 2022 Shut down WebAuth

New UI

How does it work? https://www.secureauth.com/blog/introduction-to-saml

Working with the Shibboleth SP Install Shibboleth Service Provider (SP) Works on Apache, IIS, NGINX, Mac Update configuration files Read environmental variables at sign in

Questions?

Thank You warrenwl@uci.edu