Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth IdP Training: Productionalization January, 2009.

Published byDarren Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Shibboleth IdP Training: Productionalization January, 2009."— Presentation transcript:

1 Shibboleth IdP Training: Productionalization January, 2009

2 Java Virtual Machine Tuning For Sun JVM 5/6 Server option Heap space settings Varies with available memory Min/Max settings Garbage collection Multi-CPU core option Disable explicit garbage collection https://spaces.internet2.edu/display/SHIB2/JVMTuning

3 Protecting your IdP Web application listening on ports 443/8443 by default General Apache HTTPD & Tomcat hardening will work with Shibboleth

4 Logging SHIB_HOME/logs/idp-process.log Default logging configuration splits logs on a daily basis – can be changed based on need Can be configured to send email notifications on certain message levels, such as ERROR https://spaces.internet2.edu/display/SHIB2/IdPProdLoggin g https://spaces.internet2.edu/display/SHIB2/IdPProdLoggin g

5 Redundant Data Sources Define connections to redundant data sources Authentication – Login Handler Attribute resolver – Data Connector

6 Redundant Login Handlers Define an additional <LoginHandler xsi:type="UsernamePassword" login1.config jaasConfigurationLocation="file:///opt/shibbolet h-idp/conf/login1.config">... <LoginHandler xsi:type="UsernamePassword" login2.config jaasConfigurationLocation="file:///opt/shibbolet h-idp/conf/login2.config">...

7 Redundant Data Connectors Use <resolver:DataConnector id="ldap1" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc" ldap://ldap1.example.org ldapURL="ldap://ldap1.example.org"...>... ldap2 <resolver:DataConnector id="ldap2" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc" ldap://ldap2.example.org ldapURL="ldap://ldap2.example.org"...

8 Certificates Some federations operate their own CA End user browsers may not recognize the federation CA Use a different certificate for the authentication page

9 Certificates

10 Metadata Signature Validation Metadata… should be signed by the publisher signatures should be validated InCommon does publish signed metadata Metadata provider definition

11 Metadata Signature Validation Download the InCommon signing certificate Add a metadata trust engine definition Add a metadata provider filter https://spaces.internet2.edu/display/SHIB2/IdPMetadat aProvider https://spaces.internet2.edu/display/SHIB2/IdPMetadat aProvider

12 High Availability/Clustering Clustering is supported, limited documentation Different types of clustering solutions Failover Load balancing Concerns Session state preservation Different architectures

13 High Availability/Clustering Configuration of Terracotta, an open source clustering solution, is provided Load-balancing is sufficient for most deployments https://spaces.internet2.edu/display/SHIB 2/IdPCluster

14 Troubleshooting SHIB_HOME/logs/idp-process.log Common errors are documented in the wiki Time synchronization is important https://spaces.internet2.edu/display/SHIB2/IdPTroubleshootingCom monErrors

Download ppt "Shibboleth IdP Training: Productionalization January, 2009."

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.
Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
In Production Juan Marin. Agenda Introduction Reliability Availability Performance Data optimizations Runtime optimizations Measuring your environment.

In Production Juan Marin. Agenda Introduction Reliability Availability Performance Data optimizations Runtime optimizations Measuring your environment.
Sun Identity Manager Evaluation An exploration by the Advanced Systems Team, ICSD, Academic Services.

Sun Identity Manager Evaluation An exploration by the Advanced Systems Team, ICSD, Academic Services.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
A Short Tutorial for Dandelion Confluence. In Confluence, you can do more than working with your collaborators on editing documents... Our system allows.

A Short Tutorial for Dandelion Confluence. In Confluence, you can do more than working with your collaborators on editing documents... Our system allows.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
DBI405. Agenda Reporting Services Scale Out Architecture Report Catalog Best Practices Scale Out Deployment Best Practices Performance Optimization.

DBI405. Agenda Reporting Services Scale Out Architecture Report Catalog Best Practices Scale Out Deployment Best Practices Performance Optimization.
Session-01. What is a Servlet? Servlet can be described in many ways, depending on the context: 1.Servlet is a technology i.e. used to create web application.

Session-01. What is a Servlet? Servlet can be described in many ways, depending on the context: 1.Servlet is a technology i.e. used to create web application.
(ITI310) By Eng. BASSEM ALSAID SESSIONS 8: Network Load Balancing (NLB)

(ITI310) By Eng. BASSEM ALSAID SESSIONS 8: Network Load Balancing (NLB)
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Tomcat Celsina Bignoli History of Tomcat Tomcat is the result of the integration of two groups of developers. – JServ, an open source.

Tomcat Celsina Bignoli History of Tomcat Tomcat is the result of the integration of two groups of developers. – JServ, an open source.
Grouper UI Part 1 Shilen Patel Duke University This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

Grouper UI Part 1 Shilen Patel Duke University This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.

Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.
Module 1 Introduction to Managing Microsoft® Windows Server® 2008 Environment.

Module 1 Introduction to Managing Microsoft® Windows Server® 2008 Environment.

Similar presentations

Ads by Google