Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth Identity Provider Version 3 Scott Cantor The Ohio State University Marvin Addison Virginia Tech.

Similar presentations


Presentation on theme: "Shibboleth Identity Provider Version 3 Scott Cantor The Ohio State University Marvin Addison Virginia Tech."— Presentation transcript:

1 Shibboleth Identity Provider Version 3 Scott Cantor The Ohio State University Marvin Addison Virginia Tech

2 A Bit of History Version 1 – 2003 – 2008 SAML 1, inventing a lot of concepts on the fly Version 2 – 2008 – 2015 SAML 2, harmonizing two protocols Version 3 – 2015 - ? Focus on design, deployability, and sustainability over features 2

3 Why Upgrade? Compelling reasons for you Easier UI and login customization, error handling, simpler clustering, attribute release consent, easier handling of vendor quirks, CAS protocol support, much improved update process Compelling reasons for us Up to date library stack, much easier to deliver future enhancements Version 2 maintenance is a major drain on limited resources A practical reason Version 2 maintenance and user support is finite 3

4 IdPv3 Highlights A rough enhancement list posted to mailing list, see http://tinyurl.com/idpv3 http://tinyurl.com/idpv3 Highlights: Authentication flexibility Error handling much improved, including some i18n Clustering improvements (client-side, Hibernate, memcache, TBD) Hopefully fixes the multi-tab login bug CAS server implementation Simpler to grok NameID generation / selection More powerful per-RP grouping and options Extensive customizing via scripting 4

5 Upgrades from V2 Install script can upgrade a V2 install by: backing up conf and war installing new files, but copying in old relying- party.xml, attribute-resolver.xml, attribute-filter.xml setting a property in new idp.properties file to enable legacy relying-party.xml support generating password-protected secret keystore leaves your public/private credentials alone Cannot upgrade any other settings, including authentication 5

6 Future Upgrades We're hoping to detect or prompt for "legacy" V3 configs vs. fresh or migrated configs If you don't touch system/ we won't break your deployment on any 3.x upgrade 6


Download ppt "Shibboleth Identity Provider Version 3 Scott Cantor The Ohio State University Marvin Addison Virginia Tech."

Similar presentations


Ads by Google