Published by Ade Atmadja. Modified over 6 years ago.
Shibboleth Today and Tomorrow

Over the last year, Shibboleth, the inter-institutional authorization system, has progressed from advanced testing to widespread deployment. This session will include campus case studies in transitioning from testing to production, including an introduction to the policy, technical, and transition issues each institution addressed. The Shibboleth roadmap for the coming year will be presented as well.

University at Buffalo
Closing In On Production Services
Salon I/II/III
Daniel Arrasjid

This is the session we were talking about originally. After the tutorial session appeared as a possibility, we began to think of targeting this track session toward Shib novices, and using this session as a status update, and a quick look at the Shib roadmap. I'd like to ask three deploy sites with significant experience to describe their use of Shib - original goals, applications, status, next steps, etc. Each speaker/site (except me) would have about 20 minutes. Of necessity, these presentations will be higher level and less detailed than the tutorial sessions, and will likely describe what you did, rather than how you did it. And probably more background info than on Monday.

Copyright 2004 Daniel Arrasjid. Computing and Information Technology. University at Buffalo. Buffalo, New York USA. Permission to copy all or part of this material is granted provided that (a) the copies are not distributed for direct commercial benefit (b) the University at Buffalo copyright notice is present, and (c) notice is given that copying is with permission of the University at Buffalo. To copy otherwise requires a fee, specific permission, or both.

22 February 2019

Agenda
  Overview of UB
  Goals and Drivers
  Applications
  Technical Considerations
  Current Status and Next Steps

Overview of UB
  Doctoral/research extensive university
  Large and comprehensive public university
  27,000+ students, 13,000+ employees
  Two main campuses
  Central and Distributed IT
  Part of the SUNY system
  Existent Identity Management System (’97)
  Shibboleth Planned for Summer ’04
  Existent is important – Provisioning of services and directories
  Several thousand groupings already defined
  Policies on data access and group/attributes

Goals And Drivers
  Key Component (DCE) of Identity Management set to retire
  Business Continuity and Disaster Recovery
  Virtualization of services, dynamic provisioning
  Applications requiring more robust attributes
  Library resource access management
  SUNY Federation

Architecting For Biz Continuity

Applications
  Web Application Farms – Summer 2004
  Portal
  Transcripts
  Course Registration
  Course Applicability System
  Electronic Payment
  …All of the above currently housed on 1 large system

Technical Challenges
Testing Shibboleth Against Our Needs
  Scalability
  Stability
  Performance
  Virtualization / Web Farms
Performance Targets
  5500 WebISO/hour – 1.5 WebISO/second
  WebISO transaction under 3 seconds
Does it scale well with hardware/cpu
Is it stable, under load
Can it handle heavy loads
Does it support Web Server Farms

Technical Challenges
Stability and Performance Issues:
  Shib 1.1 SHAR crashes under load on Solaris
  Shib 1.1 tomcat returns error 500 every 100 HS requests
  Co-sign adds too much overhead to WebISO
  Java SSL adds significant overhead
Tomcat and native SSL (from Co-Sign)
  > 1.8 WebISO/second
  WebISO transaction 2.5 seconds (5 seconds)
  Using 1 Dell x2GHz for HS/WebISO/AA

Virtualized Services

Transition to Production
Applications
  Migrate applications to Web Farm model
  Migrate application to use Shibboleth instead of legacy sign-on (mod_auth_dce)
Certificate Authority
  Verisign Certificates in a Web Farm model ($250/server/yr)
InQueue and InCommon
  Start InQueue, Move to InCommon
Staff Training
  IDM support team, application developers
Equipment

Status
  Pre-production environment in place
  Load testing complete
  Installed and configured web application farm
  Shibboleth development team involved w/issues
  Training of IDM support team

Status – Next Steps
  Test Shibboleth 1.2
  Install and configure the production origin farm
  Complete virtualization in WebISO
  LDAP service to multi-master
  Configure CSS 11K source IP NAT
  Complete training and support documentation
  Refine/Document in process for new Targets

Status – Next Steps
  Work out schema governance - AD governance model might be a good straw-dog.
  Policy for attributes in LDAP mirror what we have in our legacy system (DCE), grand-fathered under our legacy (DCE) authorization policies.
  Focus on central services.
  Expect the distributed community to have keen interest.

Costs* and System Configurations
  LDAP: 440 Hours*
    4x Sun Enterprise 280 systems, 2Gig RAM, 2x900MHz CPUs, Sun crypto accelerator cards, Solaris, Sun ONE DS, $54,000
  Kerberos: 365 Hours*
    4x Sun V120 systems with 512Meg RAM and 650MHz CPUs, Solaris, Kerberos 5, $14,000
  Shibboleth Origin/AA/Cosign: 460 Hours*
    8x Dell 6650 systems, Quad Xeon 3.2GHz, 2Gig RAM, Redhat Advanced Server, $35,000
  Total Cost: 1,265 hours*, $103,000
  *Estimated

Identity Management and Shibboleth Acknowledgements
  Joel Murphy
  Len Swiat
  Lisa Maira
  Dan Boyd
  Dennis Gilhooley
  Rob Wright
  Kathy Murphy
  Matt Stock
  Eddy Arrasjid
  Ewa Arrasjid
  Jim Brandt
  UB’s Distributed IT Community
  Our friends at OSU, PSU, Ohio U, Cal-Poly Pomona