Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth 2.0 IdP Training: Authentication January, 2009.

Published byAlbert Lewis Modified over 9 years ago

Similar presentations

Presentation on theme: "Shibboleth 2.0 IdP Training: Authentication January, 2009."— Presentation transcript:

1 Shibboleth 2.0 IdP Training: Authentication January, 2009

2 Terms: Authentication Mechanism A mechanism used to authenticate a user Shibboleth 2 supports the following authentication mechanisms: Remote User Username/Password (LDAP, Kerberos) IP Address

3 Terms: Login Handler An IdP component that configures authentication mechanisms

4 Terms: Session Contains State information about the user Active authentication methods Services the user is signed into Created when user authenticates Session termination = user must authenticate again Many different sessions in federated identity

5 Login Handler: Configuration Login handlers are defined in handler.xml Defined by Must have a type ( xsi:type ) and at least one authentication method Each type has its own set of configuration attributes

6 Login Handler: RemoteUser Login handler that relies on the web server or servlet container for authentication REMOTE_USER is set as the user’s principal name Type: RemoteUser Configuration attributes: (none)

7 Login Handler: UsernamePassword Login handler that prompts for a username and password Validates against a JAAS module LDAP & Kerberos 5 supported Type: UsernamePassword Configuration attributes jaasConfigurationLocation

8 Login Handler: UsernamePassword A login page is provided and will be presented to the user /var/setup/identityprovider/resources/webpages/login.js p Multiple UsernamePassword login handlers can be defined Different authentication methods Failover in case a provider is down

9 Lab: Login Handlers Modify handler.xml to enable the UsernamePassword login handler Configure login.config to use the training LDAP server

10 Login Handler: Authentication Duration Each authentication mechanism supports an inactivity timeout After this timeout expires the mechanism is considered inactive for that user If the user attempts to access a new service provider that requires that authentication mechanism they must re- authenticate

11 Login Handler: Authentication Duration The activity timeout is configured by setting a value for the authenticationDuration attribute for the element The value is the number of minutes of inactivity; the default value is 30

12 Forced Authentication SAML 2 allows a service provider to force authentication of the user, even if the user has an existing session. This is supported in mechanisms that can re- authenticate a user UsernamePassword – yes REMOTE_USER – no The service provider will receive an error if the IdP cannot support forced authentication

13 References More information on IdP authentication can be found at: https://spaces.internet2.edu/display/SHIB2/IdPU serAuthn

Download ppt "Shibboleth 2.0 IdP Training: Authentication January, 2009."

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Dynamic Sessions OASIS Security Services Face to Face #3 June 25, 2001.

Dynamic Sessions OASIS Security Services Face to Face #3 June 25, 2001.
Remote User Authentication in Digital Libraries

Remote User Authentication in Digital Libraries
Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config.

Radius based ssh authentication Location of Radius server – radius-server host auth-port 1812 acct-port 1813 key WinRadius – The same config.
Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.
Your NEW Social Services Verification Tool

Your NEW Social Services Verification Tool
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
Custom Authentication Services Jim McCusker (Yale University) Arch/VCDE F2F October 29, 2008.

Custom Authentication Services Jim McCusker (Yale University) Arch/VCDE F2F October 29, 2008.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
Creating a deployment package Importing a package with IIS Manager Exporting from IIS Manager.

Creating a deployment package Importing a package with IIS Manager Exporting from IIS Manager.
Development and Implementation of Multifactor Authentication Motonori Nakamura at National Institute of Informatics and Takuya Matsuhira at Kanazawa University,

Development and Implementation of Multifactor Authentication Motonori Nakamura at National Institute of Informatics and Takuya Matsuhira at Kanazawa University,
Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.

Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.
S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.

S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.
Administrator Training. Login Screen Filled Forms Screen Logging In.

Administrator Training. Login Screen Filled Forms Screen Logging In.
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.

03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.

Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.
August 25, 20151 SSO with Microsoft Active Directory Presented by: Craig Larrabee.

August 25, SSO with Microsoft Active Directory Presented by: Craig Larrabee.

Similar presentations

Ads by Google