Presentation is loading. Please wait.

Presentation is loading. Please wait.

Administrative Information Systems Shibboleth Install Session Technical Information Session for Developers Datta Mahabalagiri.

Published byMoris Mills Modified over 9 years ago

Similar presentations

Presentation on theme: "Administrative Information Systems Shibboleth Install Session Technical Information Session for Developers Datta Mahabalagiri."— Presentation transcript:

1 Administrative Information Systems Shibboleth Install Session Technical Information Session for Developers Datta Mahabalagiri

2 Administrative Information Systems Identity Provider (IdP) The “server” side of Shibboleth HS: SSO/Authentication AA: Attributes One instance per campus

3 Administrative Information Systems Service Provider (SP) The “consumer” side of Shibboleth Apache Module or IIS ISAPI filter plus shibboleth daemon Handles all interactions with IdP Attributes in HTTP header Software by Internet2

4 Administrative Information Systems Federation Key/Cert, Metadata WAYF

5 Administrative Information Systems

6 Architecture Application / Resource WAYF Identity ProviderService Provider 1 ACS 3 2 HS 5 6 7 User DB Credentials 4 AR Handle 8 9 AA Attributes 10 Attributes © SWITCH Attribute Repository SSO (ISIS)

7 Administrative Information Systems Resource WAYF Identity Provider at UCLA Service Provider 1 ACS I don’t know you. Not even which home org you are from. Redirect your request to the WAYF 3 2 Please tell me where are you from? HS 5 6 I don’t know you. Please authenticate Using ISIS 4 OK, I redirect your request now to the Handle Service of UCLA. AR Handle 8 I don’t know the attributes of this user. Let’s ask the Attribute Authority Handle 9 AA Let’s pass over the attributes the user has allowed me to release Attributes 10 Resoure Manager Attributes OK, based on the attributes, I grant access to the resource 7 User DB Credentials OK, I know you now. Redirect your request to the SP, together with a handle

8 Administrative Information Systems Access Control Read Http header request.getAttribute(“mail”) request.getAttribute(“Affiliation”) If (affiliation == student) allow Read access Else If (affiliation == faculty) allow Edit access

9 Administrative Information Systems Where to get help? Internet2: https://spaces.internet2.edu/display/SHIB/WebHome Mailing list: http://shibboleth.internet2.edu/lists.html AIS: https://spaces.ais.ucla.edu/display/iamucla/Homehttps://spaces.ais.ucla.edu/display/iamucla/Home AIS: iamucla@ucla.eduiamucla@ucla.edu

Download ppt "Administrative Information Systems Shibboleth Install Session Technical Information Session for Developers Datta Mahabalagiri."

Similar presentations

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.
Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
P.L. FabbriPula 20 - 22 Ottobre 2008C.I.G.S. VNC Server Client side Instrument side VNC Viewer CigsIRC.exe HTTP Client SEM1_CTRL.exe HTTP Server AXIS Video.

P.L. FabbriPula Ottobre 2008C.I.G.S. VNC Server Client side Instrument side VNC Viewer CigsIRC.exe HTTP Client SEM1_CTRL.exe HTTP Server AXIS Video.
ICDL 2004, New Delhi1 Access Management for Digital Libraries in a well-connected World John Paschoud SECURe Project London School of Economics Library.

ICDL 2004, New Delhi1 Access Management for Digital Libraries in a well-connected World John Paschoud SECURe Project London School of Economics Library.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.

NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
2003 © SWITCH Realization of a Vision: Authentication and Authorization Infrastructure for the Swiss Higher Education Community Copyright Martin Sutter,

2003 © SWITCH Realization of a Vision: Authentication and Authorization Infrastructure for the Swiss Higher Education Community Copyright Martin Sutter,
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June.

Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

Similar presentations

Ads by Google