EduGain Federation – Web SSO

Presentation transcript:

EduGain Federation – Web SSO CERN SSO EduGain Bruno Bompastor: CERN Cloud Report

Horizon’s View of EduGain
- Presents Web SSO to user
- Login successful with attributes, e.g. email=alvise.dorigo@pd.infn.it
- Map attributes to groups, e.g. grouplist=indigo-dataclouds-admin
- Map groups to roles, e.g. project member of “EU Indigo DataClouds”

Federation using SAML
- Works with CLI access using SAML/ECP

Keystone to Keystone Federation
- Needs Kilo+ for Keystone to become an IdP
- Administrator
  - Establishes trust between CERN cloud and INFN cloud
  - Defined mappings
- INFN User
  - Authenticates against INFN cloud Keystone
  - CERN cloud Keystone accepts his token for defined roles in a project
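
Added example (not from the slides, and not Keystone's own code): a simplified Python model of the attribute-to-group-to-role chain on the Horizon slide and of the "defined mappings" step above, using the rule layout of Keystone federation mappings (remote requirements, local user and group). The "member" role, the ';' separator for multi-valued attributes and the helper names are assumptions.

```python
# Simplified model of Keystone-style mapping rules (added example, not Keystone code).
# Attribute and group names come from the slide; the "member" role is constructed.
MAPPING = {"rules": [{
    "remote": [
        {"type": "email"},  # no condition: value is direct-mapped into {0}
        {"type": "grouplist", "any_one_of": ["indigo-dataclouds-admin"]},
    ],
    "local": [
        {"user": {"name": "{0}"}},
        {"group": {"name": "indigo-dataclouds-admin"}},
    ],
}]}
# Group -> (project, role) assignments, as an administrator would define them.
ROLE_ASSIGNMENTS = {"indigo-dataclouds-admin": [("EU Indigo DataClouds", "member")]}

def _values(assertion, attr):
    # Assumption: multi-valued attributes arrive as one ';'-separated string.
    return [v for v in assertion.get(attr, "").split(";") if v]

def _match(rule, assertion):
    """Return the direct-mapped values if every remote requirement holds, else None."""
    direct = []
    for req in rule["remote"]:
        vals = _values(assertion, req["type"])
        if not vals:
            return None  # a missing attribute never matches
        if "any_one_of" in req and not set(vals) & set(req["any_one_of"]):
            return None
        if "not_any_of" in req and set(vals) & set(req["not_any_of"]):
            return None
        if len(req) == 1:  # only "type" given: direct-mapped
            direct.append(vals[0])
    return direct

def map_assertion(assertion, mapping=MAPPING):
    """Map IdP attributes to (user, groups, roles); None means reject."""
    user, groups = None, []
    for rule in mapping["rules"]:
        direct = _match(rule, assertion)
        if direct is None:
            continue
        for local in rule["local"]:
            if "user" in local:
                user = local["user"]["name"].format(*direct)
            if "group" in local:
                groups.append(local["group"]["name"])
    if user is None or not groups:
        return None  # fail closed: no matching rule, no access
    return user, groups, [r for g in groups for r in ROLE_ASSIGNMENTS.get(g, [])]
```

A login whose assertion lacks the required group value, or lacks the email attribute altogether, maps to nothing and is rejected rather than falling back to a default group.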

Public cloud support
- 30 public cloud vendors and distributions announced support by EOY 2015
- Rackspace
- IBM
- HP
- …

Multiple authentication protocols

X.509, Kerberos and VOMS
- OS_AUTH_TYPE end user variable in unified CLI
  - v3Kerberos
  - v3x509
- CERN cloud supports X.509 and Kerberos using REMOTE_USER
- Environment variable set to give authentication method
- Apache authenticates for the URL and passes user id etc to the Keystone service
- Potential to support VOMS via same mechanism
- Alvaro Garcia (CSIC) will update EGI FC support in Keystone during the summer
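
Added example (not from the slides and not Keystone code): a hypothetical WSGI-side helper showing the trust boundary behind the REMOTE_USER mechanism above. It takes the identity only from variables the web server sets after it has authenticated the request and fails closed otherwise; the AUTH_TYPE value "Negotiate" for Kerberos and mod_ssl's SSL_CLIENT_VERIFY for X.509 are assumptions about the Apache setup.

```python
# Hypothetical helper for a WSGI service sitting behind Apache (added example).
# Assumption: Apache sets AUTH_TYPE to "Negotiate" after Kerberos authentication.
AUTH_TYPE_METHODS = {"Negotiate": "kerberos"}

def external_identity(environ):
    """Return (user, method) asserted by the web server, or None to reject.

    Only server-set variables are read. Request headers reach the WSGI
    environ with an HTTP_ prefix (for example HTTP_REMOTE_USER) and are
    deliberately never consulted.
    """
    user = environ.get("REMOTE_USER", "").strip()
    if not user:
        return None  # the web server did not authenticate this request
    method = AUTH_TYPE_METHODS.get(environ.get("AUTH_TYPE", ""))
    if method is not None:
        return user, method
    # Assumption: mod_ssl exports SSL_CLIENT_VERIFY for client certificates.
    if environ.get("SSL_CLIENT_VERIFY") == "SUCCESS":
        return user, "x509"
    return None  # REMOTE_USER present but no recognised method: fail closed

# Constructed sample environs.
KERBEROS_REQ = {"REMOTE_USER": "jdoe@EXAMPLE.ORG", "AUTH_TYPE": "Negotiate"}
X509_REQ = {"REMOTE_USER": "CN=jdoe,O=Example", "SSL_CLIENT_VERIFY": "SUCCESS"}
HEADER_ONLY_REQ = {"HTTP_REMOTE_USER": "admin"}  # client header, not server-set
```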