Using Umbrella with other technologies at Diamond


1 Using Umbrella with other technologies at Diamond
Umbrella applied
6th PaNdata & CRISP Harmonisation Meeting, 25 March 2014, Trinity College, Dublin

2 What is...?
- Umbrella
  - Everyone here knows what it is
  - Uses Shibboleth
- iCat
- Moonshot
  - Brings power and richness of SAML to RADIUS
  - Uses RADIUS + GSS-API

3 What have Diamond done so far?
- Connected Moonshot PoC with Umbrella (late Aug ’13)
- Published Jasig CAS ABFAB authenticator on Maven Central (Nov ’13)
- Built Shibboleth ECP client together with DARIAH-DE (Dec ’13/Jan ’14)
  - Used indirectly in new iCat Shib2Local authenticator
- Launched pilot beamline with Moonshot + Umbrella using above (Mar ’14)
- Umbrella can extend beyond just UO + WWW applications, examples follow

4 Umbrella + Moonshot
- DLS has implemented Moonshot on a beamline (P45)
- Umbrella is another IdP source for P45
- Internal Umbrella server, syncing with UmbrellaID.org
- Umbrella server has FreeRADIUS server (v3.0.1) installed
- Authentication with EAP-TTLS/EAP-GTC (EAP-TTLS/PAP)
- Future: Add UmbrellaID as a Moonshot trust-router IdP
- Part of GÉANT, part of what Björn is doing

5 Umbrella + iCat (1/2)
- Shibboleth and Shibboleth-2-Local (Shib2Local) iCat connectors
  - Uses Shibboleth ECP functionality
  - Remains secure over SSL even though SAML attributes in plain text
  - Java 1.7 supports TLS SNI (Server Name Indication), i.e. safer SSL
- Shibboleth connector
  - Uses simple yes/no AuthN (username typed in is user for iCat)
- Shibboleth-2-Local (Shib2Local) connector
  - Uses local database mapping for EAAHash -> local username
  - Verified as functional in SV8

6 Umbrella + iCat (2/2)
- Current (v1.0.x)
  - Proves the concept that Umbrella + iCat is possible
  - Uses both SP and IdP of a Shibboleth conversation, sits in the middle
  - ECP client requests access to SP, receives SP AuthN request
  - ECP client forwards AuthN request to IdP, gets SAML assertion
  - Consumes assertion
- Future
  - ECP client will be SP, simply builds + sends AuthN request
  - The rest remains the same
  - Will allow us to use conditional encryption on assertions
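
The ECP exchange listed on slide 6, as an added example that is not from the presentation or from Diamond's client: it strips the SP's SOAP header before forwarding the AuthN request to the IdP, and it goes one step beyond the slide by applying the check the SAML 2.0 ECP profile requires before the assertion is delivered, namely that the IdP's AssertionConsumerServiceURL equals the SP's responseConsumerURL. The messages are constructed and trimmed, and sp.example / other.example are placeholder hosts.

```python
import xml.etree.ElementTree as ET

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "paos": "urn:liberty:paos:2003-08",
      "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample: the SP's PAOS reply to the ECP client (trimmed).
SP_PAOS = f"""<S:Envelope {XMLNS}><S:Header>
  <paos:Request responseConsumerURL="https://sp.example/SAML2/ECP"
                service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
 </S:Header><S:Body><samlp:AuthnRequest ID="_c1" Version="2.0"/></S:Body>
</S:Envelope>"""

def idp_reply(acs_url):
    """Constructed IdP SOAP reply naming the ACS URL the assertion is for."""
    return f"""<S:Envelope {XMLNS}><S:Header>
  <ecp:Response AssertionConsumerServiceURL="{acs_url}"/>
 </S:Header><S:Body><samlp:Response ID="_c2" Version="2.0"/></S:Body>
</S:Envelope>"""

def split_sp_request(sp_xml):
    """Return (envelope to forward to the IdP, responseConsumerURL from the SP)."""
    env = ET.fromstring(sp_xml)
    header = env.find("S:Header", NS)
    consumer_url = header.find("paos:Request", NS).get("responseConsumerURL")
    env.remove(header)  # SP-supplied header blocks are not forwarded to the IdP
    return ET.tostring(env, encoding="unicode"), consumer_url

def safe_to_deliver(idp_xml, consumer_url):
    """True only if the IdP's ACS URL equals the URL the SP asked for."""
    resp = ET.fromstring(idp_xml).find("S:Header/ecp:Response", NS)
    return (resp is not None
            and resp.get("AssertionConsumerServiceURL") == consumer_url)

if __name__ == "__main__":
    to_idp, url = split_sp_request(SP_PAOS)
    print(url)
    print(safe_to_deliver(idp_reply(url), url))
    print(safe_to_deliver(idp_reply("https://other.example/acs"), url))
```

When the check fails, the profile has the client return a SOAP fault to the SP instead of posting the assertion.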

7 What next?
- As part of new JANET role, will be involved in GÉANT
- Will continue to support DLS and STFC in Moonshot roll-out, then extend to other Research + Industry organisations (this is my new job)
- Hope to continue work with Richard Eckart de DARIAH-DE on Shibboleth ECP client
- Hope to continue work with Björn + Umbrella
- Last function at DLS will be presentation of this work at Janet’s Networkshop42 on April 2 in Leeds, UK. This will be available online

8 Questions?

