Public briefing from Unicon's IAM team on observations and highlights about Apereo/Jasig CAS, Internet 2 Shibboleth, and Internet 2 Grouper. Unicon Open Source Support development progress and intentions for the next quarter are also shared. http://www.unicon.net/support
08448380779 Call Girls In Friends Colony Women Seeking Men
Unicon June 2014 IAM Briefing
1. Unicon IAM Update
CAS, Shibboleth, Grouper
26 June 2014
Mike Grady • Misagh Moayyed • Bill Thompson
Audio is via Adobe Connect.
There is no phone dial-in.
2. Welcome to this
briefing
• Updates on CAS, Shibboleth and Grouper
• Unicon contributions to CAS, Shibboleth and
Grouper
• Unicon's Open Source Support
• Q&A
3. Introduction:
Mike Grady
• IAM, Shibboleth, CAS,
Internet2 Scalable Privacy
• 36 years at University of
Illinois before Unicon
• Unicon’s Open Source
Support for Shibboleth
technical lead
4. Introduction:
Misagh Moayyed
• IAM, Shibboleth, CAS,
uPortal, uMobile
• #1 CAS Committer over
the last 3 years
• Unicon’s Open Source
Support for CAS
technical lead
6. Past Events
• ShibbolethWorkshop Series - March 24-25
Durham, NC
• Internet2 Global Summit - April 6-10
Denver, CO
• Open Apereo 2014 - June 1-4
Miami, FL
7. Apereo IAM Sessions
• CASifying PeopleSoft & ADFS:
http://lanyrd.com/2014/apereo/sdbbdp/
• To CAS 3 and Beyond:
http://lanyrd.com/2014/apereo/sczzzt/
• Grouper for Beginners:
http://lanyrd.com/2014/apereo/sdbdmm/
• 2FA Authentication with CAS:
http://lanyrd.com/2014/apereo/sdbbdh/
8. • ShibbolethWorkshop Series – July 24-25, 2014
Indianapolis, IN
• ShibbolethWorkshop Series – Sept 29-30, 2014
Newark, NJ
• Internet2Technology Exchange/IdentityWeek – Oct 26-
30, Indianapolis, IN
• ShibbolethWorkshop Series – Nov 10-11, 2014 Salt
Lake City, UT
Upcoming Events
10. CAS Releases
• CAS 3.5.2.1 & CAS 3.4.12.1 (4/1/2014)
SAML 2.0 Security Exploit Patch: Patch if you
integrate with Google Apps, JICS, etc.
•CAS 4.0.0 (5/7/2014)
11. CAS 4: Features
• New /p3/serviceValidate endpoint for user attributes
• LPPE Improvements: OpenLDAP support, etc...
• Disallow Empty Service Registry
• Default Service Proxy AuthN set to Off
• Many more...
12. CAS 3.0 Protocol
• Return user attributes upon validation
• Backwards-compatible with clients
16. Shibboleth
• IdP v3 development in progress;
https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details
• Alpha1 release of IdP v3 just released this morning, see
https://wiki.shibboleth.net/confluence/display/IDP30/
• Multi-Context Broker (MCB) being deployed in production
• Latest versions: IdP v2.4.0, SP v2.5.3 (+2 patches for
Windows SP*)
* Heartbleed, OpenSSL
17. Identity Provider v3
• Release Goals:
• Support extensions (i.e. uApprove) within profiles
• Improve “rough spots” in the API
• V2 protocol interoperable; API-incompatible
https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design
• Q3 Fall 2014 release is planned
22. Open Source Support
• Support for open source software as adopted
by the community
• Unicon collaborates to maintain the supported
open source software making it more
supportable and valuable to subscribers
• “Act in the best interest of the subscribers, the
community, and the project”
29. Other work
• Updating Shib wiki as we discover areas to
be improved, corrected, etc. from our work
with the Shib software and related
extensions. (E.g. Multi-Context Broker,
Velocity template additions that allow use of
Google Analytics to analyze IdP usage, etc.)
• Finalized Tomcat7 DTA-SSL
https://wiki.shibboleth.net/confluence/x/WYFC
30. Future work
• Helping with testing of Shib IdP v3
• In discussion with developer
community to find more ways to assist
• Particular missing features you need?
31. Grouper Related Work
• uPortal: Roles and Permissions?
• Additional authZ connectors?
• CAS SSO for Grouper?
https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions
32. What we do
• Collaborate to maintain current stable recommended releases
• Work towards next releases
• Explore extensions and opportunities
• Responsive to inputs from subscriber experiences
• Feedback is especially welcome!
• Learn from providing support
• Empathize with your needs and projects
33. Let’s do this again.
•Next Unicon IAM Update:
•Thursday November 6th 2014
•2 PM Eastern/11 AM Pacific
34. Questions / Discussion
• Bill Thompson
Director of IAM Practice
wgthom@unicon.net
• Mike Grady,
Support for Shibboleth Technical Lead
mgrady@unicon.net
• Misagh Moayyed,
Support for CAS Technical Lead
mmoayyed@unicon.net
Editor's Notes
Unicon's CAS strategy* Participate directly in CAS* Develop open source software on behalf of clients* Inform maintenance development through supportYou have to source your support somewhere* In-house staff* Goodwill and engagement of the community* Commercial partner (e.g., Unicon)* (Reality Often combination of these)Unicon's "Cooperative" Support* Cooperates with you, your staff, the community* Support experiences yield improved public documentation* Support-inspired and subscriber-needs-guided open source maintenance development** Directly in and available for adoption with the Jasig CAS softwareThank you to our support subscribers!* Support subscriptions make Unicon maintenance development possible* Support experiences and subscriber input guide Unicon maintenance development towards the worthwhile