Implementing Kuali Identity Management at your Institution Jasig Spring 2010 Wednesday, March 10, 2010 8 am.

Presentation transcript:

Implementing Kuali Identity Management at your Institution. Jasig Spring 2010, Wednesday, March 10, 2010, 8 am

2 Implementing Kuali Identity Management at your Institution
- Eric Westfall, Indiana University
- Dan Seibert, University of California, San Diego

3 Integrating KIM with other IdM products

4 KIM Integration
- Integration with various Identity Management Systems

5 Integrating KIM with CAS

6 Integrating KIM with LDAP
- LDAP Integration Efforts: University of Arizona, San Joaquin Delta College, UC Davis
- Using CAS to connect to LDAP

7 KIM with LDAP (UofA example)
- UA netid is used for authentication
- Identity information is available in UA's Enterprise Directory Service (EDS)
- Connect to EDS using Spring LDAP and overriding the KIM IdentityService
- KIM ParameterService provides the map between KIM and LDAP attributes
- In order to use the KIM GUIs properly, the UIDocumentService is also overridden

8 Integrating KIM with LDAP
- Configure CAS to connect to LDAP

9 with Intra-campus Web SSO
- Federated Access to a Rice application
- KIM as an Identity Provider (IdP)
- Using Shibboleth Attributes for KIM authorization

10 with Federated Authentication
- Shibboleth Login Process

11 with Federated Authentication
- Protecting a Rice application as a Service Provider (SP)
- A web server and openssl must be available first
- Add Shibboleth filters to the web server.
- Metadata defines the attributes to be passed between the Identity Provider and Service Provider.
- Override KIM Authentication Service

12 with Federated Authentication
- Metadata Example:
  <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Header="REMOTE_USER" Alias="eppn">
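
An added example, not code from the presentation or from Kuali Rice: one way an overridden authentication service could vet the REMOTE_USER value (the eppn mapped by the AttributeRule above) before treating it as a KIM principal. The class name, the trusted-scope list, the character limits and the sample values are assumptions.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: turns the SP-supplied REMOTE_USER (eppn) into a principal name. */
public class EppnPrincipalResolver {
    // user@scope with a conservative character set (an assumption made for this example).
    private static final Pattern EPPN =
            Pattern.compile("^([A-Za-z0-9._-]{1,64})@([A-Za-z0-9.-]{1,255})$");

    private final Set<String> trustedScopes; // scopes this application accepts, lower case

    public EppnPrincipalResolver(Set<String> trustedScopes) {
        this.trustedScopes = trustedScopes;
    }

    /** Returns the principal name, or empty if the value must not be used to log in. */
    public Optional<String> resolve(String remoteUser) {
        if (remoteUser == null || remoteUser.isEmpty()) {
            return Optional.empty();   // the web server supplied no authenticated user
        }
        if (remoteUser.indexOf(';') >= 0) {
            return Optional.empty();   // the SP joins multiple values with ';': ambiguous identity
        }
        Matcher m = EPPN.matcher(remoteUser);
        if (!m.matches()) {
            return Optional.empty();   // not user@scope, or unexpected characters
        }
        String scope = m.group(2).toLowerCase(Locale.ROOT);
        if (!trustedScopes.contains(scope)) {
            return Optional.empty();   // asserted for a scope this application does not accept
        }
        // Keep the scope so that the same local name under two scopes stays two principals.
        return Optional.of(m.group(1).toLowerCase(Locale.ROOT) + "@" + scope);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the presentation.
        EppnPrincipalResolver r = new EppnPrincipalResolver(Set.of("campus.example"));
        String[] samples = {"jdoe@Campus.Example", "jdoe@other.example",
                            "jdoe@campus.example;admin@campus.example", "jdoe", null};
        for (String v : samples) {
            System.out.println(v + " -> " + r.resolve(v).orElse("REJECTED"));
        }
    }
}
```

The check only has value if the servlet container is reachable solely through the Shibboleth-protected web server, so that REMOTE_USER cannot be set by a client connecting directly.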

13 with KIM as an Identity Provider
- Prerequisites: SSL certificate, source of SAML Metadata
- Install Shibboleth IdP
- Load SAML Metadata
- Configure KIM as the User Authentication Mechanism
- Implement kimAuthenticationService to authenticate the user and provide the appropriate attributes.

14 with KIM as user Authentication Mechanism
- Define Login Handler to match AuthenticationService
- Ex: Remote User for reference AuthenticationService
- Username/Password for LDAP Implementation
- Provide service endpoint for AuthenticationServiceImpl

15 with Authorization Attributes
- Using Shibboleth Attributes for KIM Authorization
- Identify Attribute Sources
- Define Policies for Attribute Handling, for SPs
- Define New Business Processes
- Define New Policies

16 with Federated Authentication

17 with KIM / Grouper Collaboration

18 with Adapter Overview
- Custom Implementation of KIM Services using Grouper Client API
- GroupService
- GroupUpdateService
- IdentityService

19 with Installation
- grouperClient.jar
- grouperKimConnector.jar
- grouper.client.properties
- Override kimGroupService, kimIdentityService
- Kuali+Rice