Unicon IAM Update
CAS, Shibboleth, Grouper
13 February 2014
Mike Grady • Misagh Moayyed

Audio is via Adobe Connect.
There...
Welcome to this
briefing
• Updates on CAS, Shibboleth and Grouper
• Unicon contributions to CAS, Shibboleth and
Grouper

•...
Introduction:
Mike Grady
•

IAM, Shibboleth, CAS,
Internet2 Scalable Privacy

•

36 years at University of
Illinois before...
Introduction:
Misagh Moayyed
•

IAM, Shibboleth, CAS,
uPortal, uMobile

•

2 years full time with
Unicon

•

Unicon’s Open...
This session is being
recorded.
•

Will post after:

•
•

Slides

•

Slidecast with audio

Notes blog post with
useful hyp...
Observations and
Highlights
Past Events
• Identity Week, November 11-15 2013: REFEDS,
CAMP, ACAMP
Burlingame, CA

• Apereo Camp, January 27-30 2014:
C...
Upcoming Events
• Shibboleth Workshop Series - March 24-25
Durham, NC

• Internet2 Global Summit - April 6-10
Denver, CO

...
Highlights
About CAS
CAS4
• RC3 released. To RC4 and beyond...
• APIs to support MFA use cases
• Password policy improvements
• CAS documentati...
CAS4 - Documentation
Highlights
About Shibboleth
Shibboleth
• IdP v3 development in progress;
https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details
• Community ne...
Identity Provider v3
• Release Goals:
• Support extensions (i.e uApprove) within profiles
• Improve “rough spots” in the A...
Multi-Context Broker

https://github.com/Internet2/Shibboleth-Multi-Context-Broker

• IdP “LoginHandler” to orchestrate am...
Highlights
About Grouper
Grouper v2.2
http://goo.gl/5LrGAR

• Release expected by late Spring
• Services in Grouper
• Ability to write SCIM
• Impro...
New Grouper UI!
http://grouper-ui.uchicago.edu/hifi
Highlights About Unicon
Participation in CAS,
Shibboleth and Grouper
Open Source Support
• Support for open source software as adopted
by the community

• Unicon collaborates to maintain the ...
CAS-related progress
CAS
• Password policy improvements
• Attributes in the CAS response
cas-addons
• https://github.com/Unicon/cas-addons
• Latest available release: 1.10
• New extensions:
• Hazelcast ticket re...
cas-addons HazelcastTicketRegistry
UniconLabs
https://github.com/UniconLabs

• cas-strap
• cas-sso-sessions-report
• service-registry-pattern-tester
• ...
Shibboleth-related
progress
Shib-CAS authenticator
v2
•
•
•
•
•
•

https://github.com/UniconLabs/shib-cas-authn2
CAS “LoginHandler” for Shibboleth Idp...
Shib-CAS authenticator
v2
CAS-Shibboleth:
Integration possibilities
•

Shib-CAS-authenticator v2 combined with Multi-Context
broker?

•

CAS attribu...
Shib-Config-UI
•
•
•

https://github.com/UniconLabs/shib-config-ui
Web interface to explore the configuration:

•
•

What ...
Future work
• In discussion with developer community to
find more ways to assist

• Finalizing Tomcat7 DTA-SSL
• Particula...
Grouper-related
progress
AuthZ Connectors
• Grouper & Apache Shiro
• Grouper & Spring Security
• Grouper & .NET Framework
• Grouper & Person Direct...
More potential
• Additional authZ connectors?
• CAS-SSO for Grouper?
• Grouper & uPortal: Roles and Permissions?
What we do

•

Collaborate to maintain current stable
recommended releases

•
•
•

Work towards next releases
Explore exte...
Feedback welcome
• Subscribers are welcome encouraged to get in
touch directly if you’d like any of this
information conte...
Let’s do this again.
•

Next Unicon IAM Update:

•
•

Thursday June 19th 2014
12 PM MST
Questions / Discussion
via Adobe Connect chat?
• Mike Grady,

Support for Shibboleth Technical Lead
mgrady@unicon.net

• M...
(License)
This work is licensed under the Creative
Commons Attribution-NonCommercial 3.0
United States License. To view a ...
Photo credits
•

Personal photos of Mike, and Misagh: all rights
reserved.

•

Microphone:
http://www.flickr.com/photos/de...
Upcoming SlideShare
Loading in …5
×

2014 Q4 IAM Open Source Support Program Update

751 views

Published on

Public briefing on Unicon's IAM Open Source Support Q1 2014 development progress, intentions for the next quarter, and other observations and highlights about Apereo/Jasig CAS, Internet 2 Shibboleth, and Internet 2 Grouper. http://www.unicon.net/support

Published in: Technology
  • Be the first to comment

  • Be the first to like this

2014 Q4 IAM Open Source Support Program Update

  1. 1. Unicon IAM Update CAS, Shibboleth, Grouper 13 February 2014 Mike Grady • Misagh Moayyed Audio is via Adobe Connect. There is no phone dial-in.
  2. 2. Welcome to this briefing • Updates on CAS, Shibboleth and Grouper • Unicon contributions to CAS, Shibboleth and Grouper • Unicon's Open Source Support • Thanks, Q&A
  3. 3. Introduction: Mike Grady • IAM, Shibboleth, CAS, Internet2 Scalable Privacy • 36 years at University of Illinois before Unicon • Unicon’s Open Source Support for Shibboleth technical lead
  4. 4. Introduction: Misagh Moayyed • IAM, Shibboleth, CAS, uPortal, uMobile • 2 years full time with Unicon • Unicon’s Open Source Support for CAS technical lead
  5. 5. This session is being recorded. • Will post after: • • Slides • Slidecast with audio Notes blog post with useful hyperlinks
  6. 6. Observations and Highlights
  7. 7. Past Events • Identity Week, November 11-15 2013: REFEDS, CAMP, ACAMP Burlingame, CA • Apereo Camp, January 27-30 2014: CAS, uPortal, OpenRegistry, Sakai Mesa, AZ
  8. 8. Upcoming Events • Shibboleth Workshop Series - March 24-25 Durham, NC • Internet2 Global Summit - April 6-10 Denver, CO • Open Apereo 2014 - June 1-4 Miami, FL • Internet2 Technology Exchange – Oct 26-30 Indianapolis, IN
  9. 9. Highlights About CAS
  10. 10. CAS4 • RC3 released. To RC4 and beyond... • APIs to support MFA use cases • Password policy improvements • CAS documentation revamp; See http://jasig.github.io/cas
  11. 11. CAS4 - Documentation
  12. 12. Highlights About Shibboleth
  13. 13. Shibboleth • IdP v3 development in progress; https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details • Community news at http://shibboleth.net/community/news • Latest versions: IdP v2.4.0, SP v2.5.3
  14. 14. Identity Provider v3 • Release Goals: • Support extensions (i.e uApprove) within profiles • Improve “rough spots” in the API • V2 protocol interoperable; API-incompatible https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design • Q3 Fall 2014 release is planned
  15. 15. Multi-Context Broker https://github.com/Internet2/Shibboleth-Multi-Context-Broker • IdP “LoginHandler” to orchestrate among multiple authentication contexts, including MFA. • Provide support for InCommon Assurance initative • Pluggable authentication modules • V1.0.0 is now available
  16. 16. Highlights About Grouper
  17. 17. Grouper v2.2 http://goo.gl/5LrGAR • Release expected by late Spring • Services in Grouper • Ability to write SCIM • Improved Grouper configuration • ...and...
  18. 18. New Grouper UI! http://grouper-ui.uchicago.edu/hifi
  19. 19. Highlights About Unicon Participation in CAS, Shibboleth and Grouper
  20. 20. Open Source Support • Support for open source software as adopted by the community • Unicon collaborates to maintain the supported open source software making it more supportable and valuable to subscribers • “Act in the best interests of the subscribers, of the community, and of Unicon”
  21. 21. CAS-related progress
  22. 22. CAS • Password policy improvements • Attributes in the CAS response
  23. 23. cas-addons • https://github.com/Unicon/cas-addons • Latest available release: 1.10 • New extensions: • Hazelcast ticket registry • Dynamic login view selection • Request-based ticket expiration policy •…
  24. 24. cas-addons HazelcastTicketRegistry
  25. 25. UniconLabs https://github.com/UniconLabs • cas-strap • cas-sso-sessions-report • service-registry-pattern-tester • ...
  26. 26. Shibboleth-related progress
  27. 27. Shib-CAS authenticator v2 • • • • • • https://github.com/UniconLabs/shib-cas-authn2 CAS “LoginHandler” for Shibboleth Idp v2.x Simpler, externalized configuration No context-sharing requirement Communicate the “entityId” to CAS Currently in BETA status
  28. 28. Shib-CAS authenticator v2
  29. 29. CAS-Shibboleth: Integration possibilities • Shib-CAS-authenticator v2 combined with Multi-Context broker? • CAS attributes to supplement the IdP's authentication context? • CAS to resolve/release attributes to the IdP?  ...reduce duplicate configuration and overhead
  30. 30. Shib-Config-UI • • • https://github.com/UniconLabs/shib-config-ui Web interface to explore the configuration: • • What attributes are released to this SP? What is the SSO session length? Further UI enhancements and features planned
  31. 31. Future work • In discussion with developer community to find more ways to assist • Finalizing Tomcat7 DTA-SSL • Particular missing features you need?
  32. 32. Grouper-related progress
  33. 33. AuthZ Connectors • Grouper & Apache Shiro • Grouper & Spring Security • Grouper & .NET Framework • Grouper & Person Directory • Grouper & OAuth w/ CAS https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions
  34. 34. More potential • Additional authZ connectors? • CAS-SSO for Grouper? • Grouper & uPortal: Roles and Permissions?
  35. 35. What we do • Collaborate to maintain current stable recommended releases • • • Work towards next releases Explore extensions and opportunities Responsive to inputs from subscriber experiences • • • Explicit requests Learn from providing support Empathize with your needs and projects
  36. 36. Feedback welcome • Subscribers are welcome encouraged to get in touch directly if you’d like any of this information contextualized to your specific situation. E.g., Should I upgrade to the next release of shib-cas-authenticator? • By all means, do get in touch.
  37. 37. Let’s do this again. • Next Unicon IAM Update: • • Thursday June 19th 2014 12 PM MST
  38. 38. Questions / Discussion via Adobe Connect chat? • Mike Grady, Support for Shibboleth Technical Lead mgrady@unicon.net • Misagh Moayyed, Support for CAS Technical Lead mmoayyed@unicon.net
  39. 39. (License) This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/bync/3.0/us/.
  40. 40. Photo credits • Personal photos of Mike, and Misagh: all rights reserved. • Microphone: http://www.flickr.com/photos/deanhp/3711222265/ http://creativecommons.org/licenses/by/2.0/deed.en

×