Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, 2010 8:30 am.

Published byAbraham Benson Modified over 9 years ago

Similar presentations

Presentation on theme: "Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, 2010 8:30 am."— Presentation transcript:

1 Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, 2010 8:30 am

2 2 Kuali Identity Management: Introduction and Implementation Options Eric Westfall Indiana University ewestfal@indiana.edu Dan Seibert University of California, San Diego dseibert@ucsd.edu

3 Integrating KIM with other IdM products Implementing Kuali Identity Management at your Institution 3

4 4 What is KIM? A module of Kuali Rice Common Interface and Service Layer Integrated Reference Implementation Set of User Interfaces KIM is not just “Identity Management”, it’s also “Access Management”

5 5 What KIM is Not A Full-Fledged Identity Management System Provisioning Hooks to update other systems Duplication Management An Identity Aggregator An Authentication Implementation

6 Why Did We Create KIM?

7 7 Motivations Expansion of Kuali Common Identity Management API Consistent Authorization Implementation

8 8 What we did not want KF S KC KS IDM

9 9 What we did want KF S KC KS KI M

10 10 Design Considerations Existence of Other IdM Solutions Legacy/Existing Implementations Replaceable Services Separation of Concerns Service Bus Maintenance GUIs

11 KIM Terminology

12 12 KIM Terminology Namespace Entity Principal Principal ID Principal Name Person Entity Type

13 13 KIM Terminology Group Role Qualifier Permission / Permission Template Responsibility / Responsibility Template

14 14 Namespace Prevent Naming Conflicts Allow for Permissions to be Segmented Examples: KR-KNS KR-WRKFLW KFS-SYS KFS-AP KC-SYS

15 15 Entity Principal Principal ID Principal Name Entity Type Names Addresses Phone Numbers Email Addresses

16 16 Group Namespace Group Type Attributes

17 17 Role Namespace Role Type Qualifiers Role Type Services Delegations Primary Secondary

18 18 Permission / Permission Template Permission Template Permission Permission Details Permission Type Service Assigned to Roles

19 19 Responsibility / Responsibility Template Responsibility Template Review Resolve Exception Responsibility Responsibility Details Responsibility Type Service Assigned to Roles

20 KIM Services

21 21 Components Service Interface API Reference Implementation Functional Maintenance User Interfaces

22 22 KIM Core Services Identity Service Group Service Role Service Permission Service Responsibility Service “Authentication” Service

23 23 Other KIM Services Identity Management Service Role Management Service Person Service Identity Archive Service “Update” Services

24 24 KIM Service Architecture

25 25 Remember… The primary goal of KIM was to build a service-oriented abstraction layer for Identity and Access Management Integration with other IDM services was acknowledged, expected, and designed for!

26 26 KIM Integration Rice Databas e Identit y Servic e Responsibili ty Service Permissio n Service Group Servic e Role Servic e KIM Service Layer Reference Implementations OpenRegistry ?

27 Integrating KIM with other IdM products Implementing Kuali Identity Management at your Institution

28 28 KIM Integration Integration with various Identity Management Systems

29 29 with Intra-campus Web SSO Federated Access to a Rice application KIM as an Identity Provider (IdP) Using Shibboleth Attributes for KIM authorization

30 30 with Intra-campus Web SSO Federated Access to a Rice application KIM as an Identity Provider (IdP) Using Shibboleth Attributes for KIM authorization

31 31 with Federated Authentication Shibboleth Login Process

32 32 with Federated Authentication Protecting a Rice application as a Service Provider (SP) A web server and openssl must be available first Install Shibboleth Configure the web server Override KIM Authentication Service Start the Shibboleth daemon, shibd

33 33 with KIM as an Identity Provider Prerequisites: SSL certificate, source of SAML Metadata Install Shibboleth IdP Load SAML Metadata Configure KIM as the User Authentication Mechanism

34 34 with KIM as user Authentication Mechanism Define Login Handler to match AuthenticationService Impl Ex: Remote User for reference AuthenticationServiceImpl Username/Password for LDAP Impl

35 35 with Authorization Attributes Shibboleth Attributes as KIM Authorization Identify Attribute Sources Define Policies for Attribute Handling, for SPs Define New Business Processes Define New Policies

36 36 with Federated Authentication

37 37 with Collaborative development of KIM/Grouper Adaptors Chris Hyzer, University of Pennsylvania Differences between KIM and Grouper How they might work together

38 38 with Differences between KIM and Grouper

39 39 with Adapter Overview Custom Implementation of KIM Services using Grouper Client API GroupService GroupUpdateService IdentityService

40 40 with Installation grouperClient.jar grouperKimConnector.jar grouper.client.properties Override kimGroupService

41 41 Integrating KIM with LDAP UofA LDAP Integration Approach (UCDavis, SJDC also have implementations) Using CAS to connect to LDAP

42 42 KIM with LDAP (UofA example) UA netid is used for authentication Identity information is available in UA’s Enterprise Directory Service (EDS) Connect to EDS using Spring LDAP and overriding the KIM IdentityService KIM ParameterService provides map between KIM and LDAP attributes In order to use the KIM GUI’s properly, the UIDocumentService is also overridden

43 43 Integrating KIM with LDAP Configure CAS to connect to LDAP

44

Download ppt "Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, 2010 8:30 am."

Similar presentations

Towards Common Identity Services Tom Barton University of Chicago.

Towards Common Identity Services Tom Barton University of Chicago.
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
CASE STUDIES Indiana University University of California, Davis University of Maryland San Joaquin Delta College University of Arizona University of Washington.

CASE STUDIES Indiana University University of California, Davis University of Maryland San Joaquin Delta College University of Arizona University of Washington.
Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, 2010 8:30 am.

Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, :30 am.
Introduction to Kuali Rice ITANA Screen2Screen: Kuali on Campus May 2009 Eric Westfall – Kuali Rice Project Manager.

Introduction to Kuali Rice ITANA Screen2Screen: Kuali on Campus May 2009 Eric Westfall – Kuali Rice Project Manager.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
CASE STUDY: UNIVERSITY OF CALIFORNIA, DAVIS. UNIVERSITY OF CALIFORNIA, DAVIS Implemented Rice 1.0.0 in October 2009 Integrated home-grown Faculty Merit.

CASE STUDY: UNIVERSITY OF CALIFORNIA, DAVIS. UNIVERSITY OF CALIFORNIA, DAVIS Implemented Rice in October 2009 Integrated home-grown Faculty Merit.
Implementing Kuali Identity Management at your Institution Kuali Days VIII San Antonio Texas Pre-conference Workshop Monday, November 16, 2009 9 a.m. -

Implementing Kuali Identity Management at your Institution Kuali Days VIII San Antonio Texas Pre-conference Workshop Monday, November 16, a.m. -
AAI with simpleSAMLphp

AAI with simpleSAMLphp
Introduction to Kuali Rice Presented at Internet2 April 2009 Eric Westfall – Kuali Rice Project Manager Bill Yock – Vice Chair, Kuali Rice Board of Directors.

Introduction to Kuali Rice Presented at Internet2 April 2009 Eric Westfall – Kuali Rice Project Manager Bill Yock – Vice Chair, Kuali Rice Board of Directors.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.

1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.
Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.

Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
Global Customer Partnership Council Forum | 2008 | November 18 1IBM - GCPC MeetingIBM - GCPC Meeting IBM Lotus® Sametime® Meeting Server Deployment and.

Global Customer Partnership Council Forum | 2008 | November 18 1IBM - GCPC MeetingIBM - GCPC Meeting IBM Lotus® Sametime® Meeting Server Deployment and.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Eric Westfall – Indiana University Jeremy Hanson – Iowa State University Building Applications with the KNS.

Eric Westfall – Indiana University Jeremy Hanson – Iowa State University Building Applications with the KNS.

Similar presentations

Ads by Google