Shibboleth Guided Tour Webinar

The Shibboleth® System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

* Get an overview of the technical basics of Shibboleth.
* Learn about the two primary parts to the Shibboleth system.
* Review the numerous services and options of Shibboleth.
* See a live demo of Shibboleth in action.

Published in: Technology, Sports
Notes
  • Experience, Expertise and the trusted mechanic
  • Supporting open, standards-based architecture: IMS Global Learning Consortium, Inc.; leading independent commercial provider of uPortal; Sakai and uPortal Commercial Affiliate; Zimbra VAR
  • As you can see from this slide, Unicon has been instrumental in the higher education community. We have a great amount of experience helping institutions adopt open-source technologies.
  • Implementation Planning and Assessment; Installation/Configuration; Branding; Training
  • Transcript

    • Shibboleth Guided Tour. John A. Lewis, Chief Software Architect, Unicon, Inc. 20 November 2008. © Copyright Unicon, Inc., 2008. Some rights reserved. This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License. To view a copy of this license, visit: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
    • Unicon Profile
      • Software Consulting Services
      • Founded in 1993
      • Privately-Held Company
      • Located in Chandler, Arizona
      • Our Vision: IT Services for Education, Specializing in Open Source
    • IT Services For Education
      • IT Services
        • Software Engineering
        • Systems Integration
        • Technology Delivery and Support
      • Domain Expertise
        • Higher Education
        • Curriculum & Assessment
        • Learning Management
        • Enterprise Portals
        • Online Campus Services
        • Publishing
        • Secure Authentication
    • Specializing in Open Source
      • Technology Solutions
        • Enterprise Portal
        • Learning Management
        • Secure Authentication
        • eMail and Collaboration
      • Open Standards
    • Higher Education Customers: A partial list...
    • Unicon Services for Shibboleth
      • Implementation Planning
      • Branding and User Experience
      • Installation and Configuration
      • Custom Development
      • Shibbolize uPortal, Sakai, and other applications
    • Identity Management & SAML
    • What Makes Identity Important?
      • Connects
      • Lots of other things
        • security, privacy, spam,
        • secrecy, trust, authority,
        • collaboration, convenience,
        • ...
    • Evolution of User Identity
      • Application Silos
        • Each with their own logins and passwords
      • Common Directories / Databases
        • Central store for person information
      • Single Sign-On
        • Central login system for multiple applications
      • Federated Identity
        • Trusted identity information from others
    • Why Federated Identity?
      • Authoritative information
        • Users, privileges, attributes
      • Improved security
        • Fewer user accounts in the world
      • Privacy when needed
        • Fine control over attribute sharing
      • Saves time & money
        • Less work administrating users
    • What Is Identity Management?
      • More than account creation, directories, authentication, access controls, ...
      • Includes policy, process, governance, trust
      • Need new ways of thinking about controlling access to IT services
      • “A set of processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities.” – Burton Group
    • What Is SAML?
      • Security Assertion Markup Language (SAML)
      • XML-based Open Standard
      • Exchange authentication and authorization data between security domains
        • Identity Provider (a producer of assertions)
        • Service Provider (a consumer of assertions)
      • Approved by OASIS Security Services
        • SAML 1.0 November 2002
        • SAML 2.0 March 2005
    • Major SAML Applications
      • Microsoft DreamSpark
      • Moodle, Joomla, Drupal
      • JSTOR, ArtSTOR, OCLC
      • Blackboard & WebCT
      • WebAssign
      • MediaWiki / Confluence
      • National Institutes of Health
    • Commercial Support for SAML
    • How Federated Identity Works
      • A user tries to access a protected application
      • The user tells the application where it’s from
      • The user logs in at home
      • Home tells the application about the user
      • The user is rejected or accepted
    • [Diagram: Identity Provider, Service Provider, User, User Directory, Application / Database]
    • Shibboleth
    • Shibboleth
      • Enterprise federated identity software
        • Based on standards (principally SAML)
        • Extensive architectural work to integrate with existing systems
        • Designed for deployment by communities
      • Most widely used in education, government
      • Broadly adopted in Europe
      • New 2.0 release implements SAML 2
        • Backward compatible with 1.3
    • Shibboleth Project
      • Free & Open Source
        • Apache 2.0 license
      • Enterprise and Federation oriented
      • Started 2000 with first released code in 2003
      • Excellent community support
        • http://shibboleth.internet2.edu
        • [email_address]
    • Quick Demo
      • Demo Links:
        • https://spaces.internet2.edu/
        • https://www.internet2.edu/secure/env.php
        • https://www.protectnetwork.org/
    • The Shibboleth IdP
      • Written as a Java web application
        • Runs in any Servlet 2.4 container
      • Supports multiple protocols
      • Does not contain attributes or logins
        • Relies on external LDAP / Kerberos / SQL / etc.
      • Extensive controls for the release of attributes
    • [Diagram: Tomcat, Shibboleth IdP, Directory / Database, Web Browser, Shibboleth SP, Application, Authentication]
    • The Shibboleth SP
      • Written in C++ for Apache, IIS, or NSAPI
        • Apache often used to front-end other app servers
          • Java containers, Zope, etc.
      • Extensive clustering support
      • No API – attributes & data available through headers & environment variables
        • Keeps identity management external to app
    • [Diagram: Application Server, Apache or IIS, Shibboleth SP, Web Browser, Shibboleth IdP, User Directory, shibd]
    • Discovery Service
      • Gives users an interface to select an IdP
      • Loads metadata files
        • From multiple federations
        • Or non-federations
      • Positioned alongside SP, gives customized lists
      • Positioned by federation, enables SSO across entire federation
    • Role of a Federation
      • Agreed upon Attribute Definitions
        • Group, Role, Unique Identifier, Courses, …
      • Criteria for IdM & IdP practices
        • user accounts, credentialing, personal information stewardship, interoperability standards, technologies, ...
      • Digital Certificates
      • Trusted “notary” for all members
      • Not needed for Federated IdM, but does make things even easier
    • InCommon Federation
      • U.S. Higher Education & Research (and its Partners)
      • 1.7 Million Users
      • Self-organizing & Heterogeneous
      • Policy Entrance bar intentionally set low
      • Doesn’t impose lots of rules and standards
      • http://www.incommonfederation.org/
    • SAML Metadata
      • Data that describes partners for federated identity
        • Trust, protocols, etc.
      • Primarily a trusted list of providers
        • May be signed
        • Many distribution methods
      • EntityID is the name of a provider
    • SAML Attributes
      • A lot like LDAP and database attributes
        • Tweaked for an inter-realm world; scope
      • Name/value pairs to represent pieces of information about an identity
      • Where do attributes live? Who’s authoritative?
        • Identity provider? Application?
        • Third party?
    • SAML Identifiers
      • Primary keys for people
        • email, login name most common; privacy, secrecy, and security should be considered
        • The dangers and necessities of recycling
      • Where does user data live? How is it connected? Is it in multiple places?
      • Multiple identifiers per person and per identity possible
    • Logout Support
      • It’s really hard to do for federated identity
        • Especially large-scale
      • Lots of applications loosely coupled
        • Many with their own cookie-based sessions
      • SAML 2.0 has protocol logout support
    • Resources
      • Internet2 Shibboleth website
        • http://shibboleth.internet2.edu/
      • JISC Video on Federated Identity
        • http://video.google.co.uk/videoplay?docid=6664146721575915928
      • Internet2 Wiki
        • https://spaces.internet2.edu/
          • Shibboleth Documentation
          • Shib Install Fest Materials
    • Questions & Answers. John A. Lewis, Chief Software Architect, Unicon, Inc. [email_address] www.unicon.net
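
An added example, not part of the original slides: the SAML Metadata and SAML Attributes slides describe metadata as a trusted list of providers named by entityID, and attributes as scoped values. The sketch below builds that list from a constructed metadata sample and accepts a scoped value only from a listed IdP that declares the scope. It assumes the IdP publishes its scopes in the `shibmd:Scope` metadata extension and that the metadata signature has already been verified; the sample entityIDs and both function names are made up for this example.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Constructed sample metadata (not from a real federation). Real metadata
# must have its signature verified before it is parsed and trusted.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="false">example.edu</shibmd:Scope>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def load_idp_scopes(metadata_xml):
    """Map each IdP entityID in the metadata to the scopes it declares."""
    root = ET.fromstring(metadata_xml)
    idps = {}
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        if entity.find("md:IDPSSODescriptor", NS) is None:
            continue  # SP-only entities are not identity sources
        # Only literal scopes are kept; regexp scopes are ignored here.
        scopes = {s.text.strip() for s in entity.iterfind(".//shibmd:Scope", NS)
                  if s.get("regexp", "false") == "false" and s.text}
        idps[entity.get("entityID")] = scopes
    return idps

def accept_scoped_value(idps, issuer, value):
    """Accept user@scope only from a listed IdP that declares that scope."""
    if issuer not in idps:
        return False  # issuer is not in the trusted provider list
    user, sep, scope = value.rpartition("@")
    return bool(user) and bool(sep) and scope in idps[issuer]
```

The same check applies to any scoped attribute: a value such as `alice@example.edu` is only meaningful when the asserting IdP is authoritative for `example.edu`.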
