Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib.

Published byLee Dean Modified over 9 years ago

Similar presentations

Presentation on theme: "Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib."— Presentation transcript:

1

2 Shibboleth at Newcastle Caleb Racey Webteam ISS

3 Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib

4 Background IAMSECT Project - JISC funded  Shib early adopter  2 year project (finished this summer)  VLE focussed  Focus on shared medical students  Collaboration with Durham One of few practical deployment Projects

5 What we use shib for Blogs Mailing lists Wikis Webforms Course submission VLEs Athens

6 Blogs

7 Ease of installation: Modify php authentication code (1 man day) Benefits: User account creation automated Login never exposed to potentially untrustworthy code

8 Sympa mailings list

9 Sympa Mailing lists Ease of installation: Supported out of the box, adjust config file (1 hour) Benefits: SSO Auto account creation Allows both shib and local Auth

10 Mediawiki

11 Ease of installation: Download + install “extension” tweak config file (1 hour) Benefits: SSO User accounts creation automated Login never exposed to potentially untrustworthy code

12 Access controlled websites

13 Quick easy Access Control Ease of installation:.htaccess file by users (5 mins) Benefits: Web developers don’t need to understand complexities of secure login Auto population of info fields (email addresses etc)

14 Coursework.cs

15 Ease of installation: Install shib + configure server Work out how best to do WAYF Benefits: Federated service now possible, Durham students can now use.

16 Medical VLE

17 Ease of installation: Hard (Zope based) fast_cgi complex difficult user base Large legacy Benefits: SSO Roadmap away from legacy Reduced admin

18 Athens

19

20 Ease of installation: Hard (at the time) : - easy now? working out how to join multiple feds SSL cert incompatibility worries- now gone Benefits: SSO Reduced Admin overhead

21 What shib is not used for Blackboard in Newcastle  Blackboard shib support is UNIX based  Windows possible (but not out of the box)  Durham have test UNIX install

22 Benefits of shib International takeup = defacto standard “out of the box” shibd apps available. One web login technology to support Less SysAdmin effort Less documentation Less user education Less burden on web developers, don’t need to understand: How to do secure login How / Where to get user data

23 How to install Very brief overview of steps Prerequisites IdP SP Timescales See http://iamsect.ncl.ac.uk for detailshttp://iamsect.ncl.ac.uk

24 How to install: prerequisites Prerequisites: Identify suitable password store e.g. Active Directory Learn how to do https SSL certs, certificate Authorities Deploy WebISO or simple sign on e.g. Pubcookie, CAS, Mod_auth_Ldap

25 How to install: shib IdP Install and configure the software: not that hard (anymore) Java based (java skills not needed) Follow guide tweak xml config files Difficult bits: SSL certs (global sign or Thawte) Identify institutional data stores

26 How to Install: shib SP Linux + Apache: Prerolled RPMs= install + tweak config file (couple of hours) Windows + IIS: MSI installer= install+tweak config file (couple of hours) Java, Python, Ruby, Perl or cgi: Stick behind linux + apache, Install + configure connector (mod_jk, fast_cgi) (couple of days)

27 Where to get help  https://authdev.it.ohio- state.edu/twiki/bin/view/Shibboleth/Web Home  http://iamsect.ncl.ac.uk http://iamsect.ncl.ac.uk  http://shib.kuleuven.be/ http://shib.kuleuven.be/  http://www.switch.ch/aai/

28 Questions?

Download ppt "Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib."

Similar presentations

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.
Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.
Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.
Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.
Moodle@Kidderminster College An insight Into the College VLE Graham Mason gmason@kidderminster.ac.uk.

College An insight Into the College VLE Graham Mason
Central Authentication Service Roadmap JA-SIG Winter 2004.

Central Authentication Service Roadmap JA-SIG Winter 2004.
The technical side of Portals and ePortfolios Bonnie Ferguson Michael Wilcox.

The technical side of Portals and ePortfolios Bonnie Ferguson Michael Wilcox.
April 22nd 2008 Internet2 Spring member meeting Caleb Racey Newcastle University UK Studies in Advanced Access Management.

April 22nd 2008 Internet2 Spring member meeting Caleb Racey Newcastle University UK Studies in Advanced Access Management.
Introduction to Shibboleth and the IAMSECT Project.

Introduction to Shibboleth and the IAMSECT Project.
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
2006 © SWITCH Group Management Tool Lukas Haemmerle

2006 © SWITCH Group Management Tool Lukas Haemmerle
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
Tech Track: Attribute Delivery Newcastle University Caleb Racey

Tech Track: Attribute Delivery Newcastle University Caleb Racey
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Case Study: Newcastle University

Case Study: Newcastle University
Web based single sign on Caleb Racey Web development officer Webteam, customer services, ISS.

Web based single sign on Caleb Racey Web development officer Webteam, customer services, ISS.
Iamsect.ncl.ac.u k IAMSECT Inter-institutional Authorisation Management to Support eLearning with reference to Clinical Teaching Core Middleware Programme.

Iamsect.ncl.ac.u k IAMSECT Inter-institutional Authorisation Management to Support eLearning with reference to Clinical Teaching Core Middleware Programme.

Similar presentations

Ads by Google