Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Published byDominic Wooddell Modified over 10 years ago

Similar presentations

Presentation on theme: "Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008."— Presentation transcript:

1 Enabling UCTrust Access for Your Application Introduction to Shibboleth @ The UC CSC Conference UC Santa Barbara, July 21-22, 2008

2 Shibboleth The technology behind UCTrust A Federated Single Sign-on Software Open Source; developed by Internet2 Allows selective release of user information, based on home institutions data release policy

3 Single Sign-On Allows access to protected online resources Users logs in only once Reduced administration Increased Security

4 Federated Single Sign-On across institutions User logs in using her home institutions login ID to outside resources Federation helps with coordinating policy and practices among participants UC Trust

5 Shibboleth Components Service Provider The client side Lives on your web server Handles authentication and access requests for your web server Modules available for Apache and IIS. SP

6 Shibboleth Components Identity Provider The Server side Typically one per campus Responds to SP requests Logs in users Answer attribute query requests IdP

7 Shibboleth Components Where Are You From Location Discover Service in Shibboleth 2.0 Lets user choose his/her home organization WAYF

8 Shibboleth in Action Associate Professor in Linguistics Bob needs to make travel arrangements for his upcoming conference Bob

9 Shibboleth in Action IdP SP Web App web server 1 Bob visits the UC Travel Portal. 1

10 Shibboleth in Action IdP SP Web App web server 2 1 Bob isnt logged in. The SP intercepts the request and redirects Bob to a campus IdP to login. 2

11 Shibboleth in Action IdP SP Web App web server 2 1 Oops! We dont know where Bobs from. SP sends Bob to WAYF so Bob can choose tell us who is his home campus. WAYF 3 3

12 Shibboleth in Action IdP SP Web App web server 2 1 Bob picks his campus. Now we can go to his home IdP. WAYF 3 4 4

13 Shibboleth in Action IdP SP Web App web server 5 2 1 Bob logs in at his home campuss IdP. WAYF 3 4 5

14 Shibboleth in Action IdP SP Web App web server 6 5 2 1 6 The IdP processs the login attempt. If successful, it sends Bob, along with information about Bob, back to the SP. WAYF 3 4 6

15 Shibboleth in Action IdP SP Web App web server 6 5 2 1 6 7 SP now has proof that Bob has successfully logged in. It forwards Bobs request onto the Travel Portal. WAYF 3 4 7

16 Shibboleth in Action IdP SP Web App web server 6 5 2 1 6 7 WAYF 3 4

17 Shibboleth Home http://shibboleth.internet2.edu IAMUCLA https://spaces.ais.ucla.edu/iamucla Shibboleth Connector for Confluence http://confluence.atlassian.com/display/CONFEXT/Shibb oleth+Authenticator+for+Confluence TestShib http://www.testshib.org

18 Installing a SP Demonstration

19 Shibboleth in Action IdP SP Web App web server 6 5 2 1 7 8 Describe whats going on on this slide WAYF 3 4 1

20 Shibboleth in Action IdP SP Web App web server 4 3 2 1 5 6

Download ppt "Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008."

Similar presentations

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Federation management A mess? 9.4.2008 Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
Introduction to Shibboleth and the IAMSECT Project.

Introduction to Shibboleth and the IAMSECT Project.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Brown University Shibboleth at Brown University James Cramton April 2, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.

Brown University Shibboleth at Brown University James Cramton April 2, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.

NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

Similar presentations

Ads by Google