3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

Shibboleth Pilot Local Authentication and Authorization Control for Access to Remote Web Resources
Art Vandenberg
Director, Advanced Campus Services
Georgia State University
“Copyright Art Vandenberg This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.”

Given that...
Shibboleth – you know what it is...
You know key concepts of privacy preserving trust across federated domains...
You understand it uses open source standards…

What’s the Problem Space at Georgia State?
Access to digital library resources (vendor databases)
Current solution
  – IP-based access
      spoofable, limiting
  – Proxy server
  – Group accounts
      some database passwords posted on public web!
  – Additional accounts & passwords
      management hassles, synchronization complexity
      extra account for user
      lag time setting up a new person (faculty, student, or employee)
      low level assurance

Shibboleth Solution for Georgia State’s Pullen Library
Access without proxy
Leverage local enterprise authentication
Access based on role attributes (finer grained)
Enables access from anywhere on web
Reduced logins
Stronger authentication (not just IP)
Addresses user privacy

Architecture components
Sun Solaris for Georgia State Shibboleth Origin
Apache, Tomcat, J2SE
Origin site (enterprise) requirements
  – Handle Server
      single signon (SSO) or web initial signon (WebISO)
  – Attribute Authority
      repository (mySQL or LDAP)
Target site requirements
  – SHIRE
  – SHAR
  – WAYF
  – Resource Manager
See NMI component PubCookie
See NMI component LDAP recipe
See NMI component eduPerson

Flow Diagram (figure; labelled components)
Handle Service
SHIRE (Shibboleth Handle Indexical Reference Establisher)
Authentication System
Attribute Authority
WAYF (Where are you from?)
Web resource
SHAR (Shibboleth Attribute Requester)

EZProxy Institutions
Georgia
Quite some potential…
Especially if we work together to convince Vendors.
(Or do we want to use IP access and still pay site license rates while only few may need the resource?)

Georgia State Shibboleth October 2003
V 1.0 origin installed
Authenticate using CampusID
Attributes via eduPerson from Campus LDAP
Pilot with EBSCO, OCLC, JSTOR
Library Shibboleth pilot page – Let’s take a look
1. LDAP Recipe for directory, ids
2. eduPerson for eduPersonAffiliation, eduPersonEntitlement
3. Shibboleth for access to web resources

Access Web Resource – EBSCO
GSU Library Shibboleth Pilot info page
1. EBSCO test URL

Redirect via WAYF
InQueue Federation (for pilot testing)
2. Pick your Shib origin (these are InQueue sites recognized by target WAYF)

Local Authentication (GSU origin)
3. Don't worry about certificate warning, say OK -- your browser has not been configured for certificates used by the test environment

(Interim Certificate used at Target)
4. Ditto… say Yes
test certificates not known to your browser

GSU Origin – Local Login
5. Use local authentication (GSU CampusID/pw)
This page invoked by Georgia State Origin

Successful Authentication
Authenticated user is being directed to web site… (with Authorization checking behind the scenes)

EBSCO Web Resources
Accessing EBSCO research Databases.
6. Do your thing.
5 steps:
1. Pick url
2. Pick origin
3. Ok to cert
4. Yes to cert
5. Login
Use resource

Access Web Resource – JSTOR
1. Now Select Browse JSTOR (continuing current browser session)

Access, no Re-login (Shib saves session)
Direct access to next Shibboleth site – (no WAYF, no GSU local login)
2. Do your thing.
1 (NOT 5) steps:
1. Pick url
[2. NA]
[3. NA]
[4. NA]
[5. NA]
Use resource

JSTOR site knows it’s GSU
“Your access to JSTOR is provided by Georgia State University”
(identity not passed, but attributes may be)

OCLC / authorization attributes
OCLC needs no further authentication, but does require specific attributes
eduPersonAffiliation =
eduPersonEntitlement = urn:mace:oclc:org…

OCLC web resources
Appropriate attributes permit access...
OCLC recognizes Georgia State member (and contract)
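
The attribute-based decision described on the JSTOR and OCLC slides, as an added example that is not part of the original presentation and is not Shibboleth's or any vendor's code: a target-side check that grants access from eduPersonAffiliation and eduPersonEntitlement alone, keyed by an opaque handle rather than a user identity. The entitlement URN, the policy and the sample assertions are constructed for illustration.

```python
# Added illustration: target-side authorization from released attributes only.
# Attribute names are eduPerson; the URN, policy and samples are constructed.
from dataclasses import dataclass

# Constructed placeholder URN (assumption), not any vendor's real entitlement.
LICENSED_DB = "urn:mace:example.org:entitlement:licensed-db"

@dataclass(frozen=True)
class Policy:
    affiliations: frozenset   # any one of these satisfies the role check
    entitlement: str          # must be present, compared exactly

def _values(attrs, name):
    """Return an attribute's values as a set; attributes may be multi-valued."""
    raw = attrs.get(name, [])
    if isinstance(raw, str):
        raw = [raw]
    return {v.strip() for v in raw if v and v.strip()}

def authorize(attrs, policy):
    """Decide access from attributes alone; returns (allowed, reason)."""
    affs = {v.lower() for v in _values(attrs, "eduPersonAffiliation")}
    if not affs & policy.affiliations:
        return False, "no qualifying eduPersonAffiliation"
    # Whole-string comparison: a longer URN sharing the prefix does not match.
    if policy.entitlement not in _values(attrs, "eduPersonEntitlement"):
        return False, "missing eduPersonEntitlement"
    return True, "attributes satisfy policy"

POLICY = Policy(frozenset({"member", "faculty", "student"}), LICENSED_DB)

# Constructed attribute assertions keyed by opaque handle (no name, no user id).
SAMPLES = {
    "handle-1": {"eduPersonAffiliation": ["member", "student"],
                 "eduPersonEntitlement": [LICENSED_DB]},
    "handle-2": {"eduPersonAffiliation": "alum",
                 "eduPersonEntitlement": [LICENSED_DB]},
    "handle-3": {"eduPersonAffiliation": ["faculty"],
                 "eduPersonEntitlement": [LICENSED_DB + ":extra"]},
    "handle-4": {},   # nothing released: default deny
}

def decide_all():
    """Evaluate every sample assertion against POLICY."""
    return {h: authorize(a, POLICY) for h, a in SAMPLES.items()}

if __name__ == "__main__":
    for handle, (ok, why) in decide_all().items():
        print(handle, "ALLOW" if ok else "DENY", why)
```

The client's IP address never enters the decision, which is what lets the same policy hold for a user working off campus.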

Ongoing Work
Federations
  – InQueue (pilot) to InCommon (incorporated Board of Directors…)
  – Policy framework
Production Server (Origin Service)
  – Enterprise level hardware
  – Full SSL on all components
  – Production certificates (not test certs…)
Provisioning services & management of attributes/roles
  – IBM Directory Integrator component

Ongoing NMI Working Groups...
Shibboleth Academic Sig
  – Focus group: Library SysAdmin of vendor licenses
  – Drafting second set of vendors
Other vendors? Georgia State needs
  – 200+ Library Vendors
  – WebCT
  – Galileo (Georgia Statewide Library)
Research & deployment opportunities?
  – Vaishnavi & Stucke (CIS) & Atlanta Airport

More info & links you can test drive
Shibboleth – Internet2 –
Switch - Swiss Education and Research Network (demo) –
  – Demos using Example State University
WebCT press release
Shibboleth – etymology –

Contact
Art Vandenberg
Thank you

Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment Anaheim, CA Monday November 3, :30 am – 5:00 pm