Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federation Systems, ADFS, & Shibboleth 2.0

Published byAbner Wells Modified over 6 years ago

Similar presentations

Presentation on theme: "Federation Systems, ADFS, & Shibboleth 2.0"— Presentation transcript:

1 Federation Systems, ADFS, & Shibboleth 2.0
Chad La Joie Georgetown University / Internet2

2 Federations Foundation for business relationships Provide common:
Policy base Protocol and Attribute Definitions Participant Endpoint Metadata Business Practices Inter-federation agreements Bi-lateral and multi-lateral trust on a business and technical oriented level

3 Federation Systems Federation Systems are not:
Virtual/Meta Directories Identity Management systems Account provisioning systems Authentication systems Authorization systems

4 Federation Systems Federation Systems:
Use existing identity management systems Transmit authentication information Transmit identity attributes Release information based on policy Identify, authenticate, and secure communication between endpoints

5 Active Directory Federation Service
WS-Federation Passive Profile Interoperability Scenario SAML 1.1 Assertion Payloads Web application, Single-Sign On focused Supported in Windows 2003 Server, R2 Is not related to InfoCard

6 Active Directory Federation Service
Strong Points Remote users mapped onto AD accounts and groups without need for shadow accounts Expose AD user and attributes to standalone applications hosted on heterogeneous platforms Easy to enable ADFS Account Partner (IdP) support for an AD system

7 Active Directory Federation Service
Weak Points Currently does not inter-operate with MS products like Outlook Web Access Endpoints described by non-standard metadata Resource provider set up is confusing Almost non-existent documentation of PKI mechanics Difficult to implement mechanics to deal with new attributes No plans to continue development of WS-Fed; InfoCard is the future

8 Shibboleth 2.0 What's new Internalized authentication and a concept of a user session Support for SAML 2.0 Single Sign-On, Single Logout, and Attribute Query Persistent Identifiers Enhanced Attribute Authority and Connectors Java Service Provider Better documentation Scheduled for release end of 2006

9 Shibboleth 2.0 What's the same SAML 1.0 and 1.1 support
U.S. eAuth and ADFS support Apache/IIS/iPlanet C++ SP ARP and AAP policies

10 Shibboleth 2.0 What's not there Delegation/Proxy/N-Tier support
SAML 2.0 NameID mapping/management WS-Security and WS-SX support Account Linking

Download ppt "Federation Systems, ADFS, & Shibboleth 2.0"

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
TF-EMC2 | Lyon - France | February 2011 SAML WORK WITH SHAREPOINT, OWA, … Jean Marie THIA.

TF-EMC2 | Lyon - France | February 2011 SAML WORK WITH SHAREPOINT, OWA, … Jean Marie THIA.
® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.

® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

Similar presentations

Ads by Google