Implementing Kuali Identity Management at your Institution Jasig Spring 2010 Wednesday, March 10, 2010 8 am.


1 Implementing Kuali Identity Management at your Institution Jasig Spring 2010 Wednesday, March 10, 2010 8 am

2 Implementing Kuali Identity Management at your Institution
Eric Westfall, Indiana University, ewestfal@indiana.edu
Dan Seibert, University of California, San Diego, dseibert@ucsd.edu

3 Integrating KIM with other IdM products

4 KIM Integration
- Integration with various Identity Management Systems

5 Integrating KIM with CAS

6 Integrating KIM with LDAP
- LDAP Integration Efforts
  - University of Arizona
  - San Joaquin Delta College
  - UC Davis
- Using CAS to connect to LDAP

7 KIM with LDAP (UofA example)
- UA netid is used for authentication
- Identity information is available in UA's Enterprise Directory Service (EDS)
- Connect to EDS using Spring LDAP and overriding the KIM IdentityService
- KIM ParameterService provides the map between KIM and LDAP attributes
- In order to use the KIM GUIs properly, the UIDocumentService is also overridden

8 Integrating KIM with LDAP
- Configure CAS to connect to LDAP

9 with Intra-campus Web SSO
- Federated Access to a Rice application
- KIM as an Identity Provider (IdP)
- Using Shibboleth Attributes for KIM authorization

10 with Federated Authentication
- Shibboleth Login Process

11 with Federated Authentication
- Protecting a Rice application as a Service Provider (SP)
- A web server and OpenSSL must be available first
- Add Shibboleth filters to the web server
- Metadata defines the attributes to be passed between the Identity Provider and Service Provider
- Override KIM Authentication Service

12 with Federated Authentication
- Metadata Example:

<AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Header="REMOTE_USER" Alias="eppn">
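An added example, not code from the presentation or from Kuali Rice: one way to write the overridden authentication service so that the eduPersonPrincipalName delivered as REMOTE_USER is checked before it becomes a KIM principal name. It assumes the Rice 1.0 `org.kuali.rice.kim.service.AuthenticationService` interface with its single `getPrincipalName(HttpServletRequest)` method and assumes a null return is treated as unauthenticated; the class name, `homeScope` and `trustedScopes` are hypothetical.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.kuali.rice.kim.service.AuthenticationService;

/** Hypothetical override of the KIM AuthenticationService for a Shibboleth-protected Rice application. */
public class ShibbolethAuthenticationService implements AuthenticationService {

    // eduPersonPrincipalName is a scoped value: local-part@scope. The conservative
    // character set also rejects multi-valued headers (values joined with ';').
    private static final Pattern EPPN =
            Pattern.compile("^([A-Za-z0-9._-]{1,64})@([A-Za-z0-9.-]{1,255})$");

    private final String homeScope;          // e.g. "example.edu" (constructed value)
    private final Set<String> trustedScopes; // lower-case scopes of partner IdPs accepted by policy

    public ShibbolethAuthenticationService(String homeScope, Set<String> trustedScopes) {
        this.homeScope = homeScope.toLowerCase();
        this.trustedScopes = trustedScopes;
    }

    public String getPrincipalName(HttpServletRequest request) {
        // REMOTE_USER is filled by the Shibboleth filter on the web server,
        // per the AttributeRule Header="REMOTE_USER" mapping in the metadata example.
        return toPrincipalName(request.getRemoteUser());
    }

    /** Returns the KIM principal name, or null when the value must not be trusted. */
    String toPrincipalName(String eppn) {
        if (eppn == null) {
            return null;                      // request did not pass through the SP filter
        }
        Matcher m = EPPN.matcher(eppn.trim());
        if (!m.matches()) {
            return null;                      // unscoped, malformed or multi-valued
        }
        String local = m.group(1).toLowerCase();
        String scope = m.group(2).toLowerCase();
        if (scope.equals(homeScope)) {
            return local;                     // local users keep their existing principal name
        }
        if (trustedScopes.contains(scope)) {
            return local + "@" + scope;       // keep the scope so alice@a.edu != alice@b.edu
        }
        return null;                          // scope not covered by attribute policy
    }
}
```

This only holds if the application container is reachable solely through the Shibboleth-protected web server, since the service trusts whatever REMOTE_USER value reaches it.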

13 with KIM as an Identity Provider
- Prerequisites: SSL certificate, source of SAML Metadata
- Install Shibboleth IdP
- Load SAML Metadata
- Configure KIM as the User Authentication Mechanism
- Implement kimAuthenticationService to authenticate the user and provide the appropriate attributes

14 with KIM as user Authentication Mechanism
- Define Login Handler to match AuthenticationService
  - Ex: Remote User for reference AuthenticationService
  - Username/Password for LDAP Implementation
- Provide service endpoint for AuthenticationServiceImpl

15 with Authorization Attributes
- Using Shibboleth Attributes for KIM Authorization
- Identify Attribute Sources
- Define Policies for Attribute Handling, for SPs
- Define New Business Processes
- Define New Policies

16 with Federated Authentication

17 with KIM / Grouper Collaboration

18 with Adapter Overview
- Custom Implementation of KIM Services using Grouper Client API
  - GroupService
  - GroupUpdateService
  - IdentityService

19 with Installation
- grouperClient.jar
- grouperKimConnector.jar
- grouper.client.properties
- Override kimGroupService, kimIdentityService
- https://spaces.internet2.edu/display/GrouperWG/Grouper+integration+with+Kuali+Rice
