INTEGRATION WITH OTHER IDM SOLUTIONS. Remember… The primary goal of KIM was to build a service-oriented abstraction layer for Identity and Access Management.


1 INTEGRATION WITH OTHER IDM SOLUTIONS
Remember… The primary goal of KIM was to build a service-oriented abstraction layer for Identity and Access Management.
Integration with other IDM services was acknowledged, expected, and designed for!

2 KIM INTEGRATION Integration with various Identity Management Components

3 KIM INTEGRATION
(Diagram: Rice Database, KIM Service Layer, Reference Implementations)

4 KIM INTEGRATION WITH CAS
CAS – authentication system for Single Sign On (SSO)
Two ways to integrate: at the CAS server, or in the Rice client application
Integration in the Rice client application is the most likely scenario, so that is what we will focus on

5 CAS – RICE CLIENT INTEGRATION
Integrate the CAS client with either the Kuali Rice Standalone Server or a Kuali Rice client application
KIM provides an "AuthenticationService" which is used to inform the Rice framework about the authenticated principal
The default implementation simply reads REMOTE_USER (the principal the servlet container reports for the request)
That default is sufficient for CAS integration

6 CAS – SETUP
Simply configure the standard CAS client servlet filters in your web.xml as you would normally, in this order:
AuthenticationFilter
Cas20ProxyReceivingTicketValidationFilter
HttpServletRequestWrapperFilter
The usernames entered into the CAS login must match the principal names in your KIM implementation exactly
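Slides 5 and 6 describe one procedure; the fragment below is an added example of what that web.xml looks like, not code from the presentation or from the Rice project. It uses the Jasig CAS Java client 3.x filter classes named on the slide; the host names cas.example.edu and rice.example.edu are placeholders.

```xml
<!-- Added example: CAS client filters for a Rice client application's web.xml.
     Filter classes are the standard Jasig CAS Java client 3.x classes; the
     CAS and Rice host names below are placeholders. -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://cas.example.edu/cas/login</param-value>
  </init-param>
  <init-param>
    <!-- Scheme and host of this application; the client builds the service
         URL it sends to CAS from this value, so it must be the public name. -->
    <param-name>serverName</param-name>
    <param-value>https://rice.example.edu</param-value>
  </init-param>
</filter>

<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <!-- The client validates the service ticket by calling the CAS server
         itself over HTTPS; the JVM must trust this server's certificate. -->
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://cas.example.edu/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://rice.example.edu</param-value>
  </init-param>
</filter>

<filter>
  <!-- Wraps the request so getRemoteUser() returns the validated CAS
       principal, which is what KIM's default AuthenticationService reads. -->
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<!-- Mapping order is execution order: redirect to CAS, validate the ticket,
     then expose the principal. These mappings must precede any Rice filter
     that asks KIM for the current principal. -->
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

Two checks before calling this done: the principal CAS returns must be byte-for-byte the KIM principal name (a CAS that returns jdoe@example.edu against a KIM principal jdoe authenticates the user but gives them no KIM identity), and if the application also serves non-browser clients, narrow the url-pattern to the interactive paths rather than /* so those callers are not redirected to a login page.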

7 KIM INTEGRATION WITH MICROSOFT ACTIVE DIRECTORY
Microsoft Active Directory provides LDAP-compatible directory services, among other network services
You can integrate with it through LDAP (see next topic)
It can also be used as the source of groups
This particular usage has been implemented at Indiana University
We will look at it in detail during the case studies

8 INTEGRATING KIM WITH LDAP FOR IDENTITY
LDAP integration efforts:
University of Arizona
San Joaquin Delta College
UC Davis
Naval Postgraduate School
Others…
rSmart has worked with these institutions to implement this integration

9 INTEGRATING KIM WITH LDAP FOR IDENTITY
Will be included as a standard feature in a future version of Kuali Rice
The code exists in Rice 2.0 but is not fully tested for Beta 1
Essentially involves customizing the IdentityService to load entity data from LDAP
We will learn more about how this works in the University of Arizona case study

10 KIM INTEGRATION WITH SHIBBOLETH
Intra-campus web SSO
Federated access to a Rice application
Using Shibboleth attributes for KIM authorization

11 FEDERATED AUTHENTICATION Shibboleth Login Process

12 FEDERATED AUTHENTICATION
Protecting a Rice application as a Service Provider (SP):
A web server and OpenSSL must be available first
Add the Shibboleth filters to the web server
SAML metadata establishes trust between the Identity Provider and the Service Provider; the SP's attribute rules define which attributes are passed through to the application
Override the KIM AuthenticationService

13 FEDERATED AUTHENTICATION
Attribute rule example (Shibboleth SP 1.x AAP.xml syntax; SP 2.x expresses the same mapping in attribute-map.xml):
<AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Header="REMOTE_USER" Alias="eppn">
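Slide 12 says to override the KIM AuthenticationService and slide 13 maps eduPersonPrincipalName into REMOTE_USER. The class below is an added example of such an override, not code from the presentation or from the Rice project. The package name is hypothetical, and the import assumes the Rice 2.x location of the AuthenticationService interface (org.kuali.rice.kim.api.identity); check it against the Rice API jar you build against, and implement any further methods that version of the interface declares.

```java
// Added example, not Rice project code. The package is hypothetical and the
// AuthenticationService import location is an assumption about the Rice
// version in use.
package edu.example.rice.kim;

import javax.servlet.http.HttpServletRequest;

import org.kuali.rice.kim.api.identity.AuthenticationService;

/**
 * KIM AuthenticationService that takes the principal from the Shibboleth
 * SP's eduPersonPrincipalName (alias "eppn") instead of trusting whatever
 * the container reports as the remote user, and strips a known scope so
 * that "jdoe@example.edu" resolves to the unscoped KIM principal "jdoe".
 */
public class ShibbolethAuthenticationService implements AuthenticationService {

    /** Alias under which the SP publishes eppn (the Alias in the attribute rule). */
    private static final String EPPN_ATTRIBUTE = "eppn";

    /** The only eppn scope this deployment accepts as a local principal. */
    private final String acceptedScope;

    public ShibbolethAuthenticationService(String acceptedScope) {
        this.acceptedScope = acceptedScope;
    }

    @Override
    public String getPrincipalName(HttpServletRequest request) {
        // Prefer the request attribute: the web server hands SP attributes to
        // the servlet container over AJP, and a browser cannot set them.
        // Do not read request.getHeader("eppn") here. With ShibUseHeaders On
        // the SP overwrites incoming headers, but any request path that
        // bypasses the SP would let a client assert its own identity.
        Object eppn = request.getAttribute(EPPN_ATTRIBUTE);
        if (eppn != null) {
            return toPrincipalName(eppn.toString());
        }
        // Fall back to REMOTE_USER, which the Header="REMOTE_USER" rule fills
        // with the same value; null means no authenticated principal.
        String remoteUser = request.getRemoteUser();
        if (remoteUser == null || remoteUser.isEmpty()) {
            return null;
        }
        return toPrincipalName(remoteUser);
    }

    /**
     * Maps a scoped eppn to a KIM principal name. An identity asserted for a
     * scope we do not trust is rejected outright rather than stripped, so a
     * federated "jdoe@other.edu" can never match the local account "jdoe".
     */
    String toPrincipalName(String eppn) {
        int at = eppn.indexOf('@');
        if (at < 0) {
            return eppn;                 // already unscoped
        }
        String scope = eppn.substring(at + 1);
        if (!scope.equalsIgnoreCase(acceptedScope)) {
            throw new IllegalStateException("eppn scope not trusted: " + scope);
        }
        return eppn.substring(0, at);
    }
}
```

Register the class as the KIM authentication service bean in the same Spring override file used for other KIM services, passing the scope as a constructor argument. When Tomcat sits behind Apache over AJP, the connector needs tomcatAuthentication="false" for REMOTE_USER to reach getRemoteUser(); newer Tomcat versions additionally filter which AJP request attributes are passed through, so confirm that eppn actually arrives before trusting the fallback path.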

14 AUTHORIZATION ATTRIBUTES
Using Shibboleth attributes for KIM authorization:
Entity attributes
Groups
Roles
Permissions / Responsibilities

15 KIM INTEGRATION WITH GROUPER
In collaboration with Kuali Rice, the Internet2 Grouper team created a connector from the KIM GroupService to Grouper
This connector was released and is available in Grouper 1.6 and later releases

16 ADAPTER OVERVIEW
Custom implementation of KIM services using the Grouper Client API:
GroupService
GroupUpdateService
IdentityService

17 INSTALLATION
grouperClient.jar
grouperKimConnector.jar
grouper.client.properties
Override kimGroupService and kimIdentityService

18 HOW TO OVERRIDE A KIM SERVICE
<beans xmlns="http://www.springframework.org/schema/beans" …
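Slides 17 and 18 together describe the override step; the file below is an added example of a complete Spring override definition, not code from the presentation, from Grouper or from the Rice project. The bean ids kimGroupService and kimIdentityService are the service names the slides give; the implementation class names are placeholders standing in for the connector classes shipped in grouperKimConnector.jar.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not Grouper or Rice project code. Bean ids are the KIM
     service names named on the slides; the class names are placeholders for
     the connector implementations in grouperKimConnector.jar. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Same id as the reference implementation, so this definition replaces
       the bean Rice registers and every caller of the KIM GroupService
       (including role and permission resolution) now talks to Grouper
       through the client API configured in grouper.client.properties. -->
  <bean id="kimGroupService"
        class="edu.example.kim.GrouperGroupServiceImpl"/>

  <!-- Optional: also source entity data from Grouper's subject API. -->
  <bean id="kimIdentityService"
        class="edu.example.kim.GrouperIdentityServiceImpl"/>

</beans>
```

Point Rice at this file through the KIM module's additional Spring files configuration property for your version (rice.kim.additionalSpringFiles in Rice 2.x; verify the name against your release). Because group membership returned by the replaced bean feeds directly into KIM authorization decisions, the credentials in grouper.client.properties and the TLS trust for the Grouper web service endpoint deserve the same protection as the Rice database itself.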

19 KIM INTEGRATION WITH MICROSOFT FOREFRONT
Recall… Earlier we stated that KIM is NOT an identity aggregator or provisioning tool
However, Microsoft Forefront has this functionality
Indiana University has used this tool as part of its Kuali Identity Management implementation
It essentially synchronizes identities from multiple sources into our KIM database
We will talk about this more in the IU case study

