February 13th, 2014 - Unicon IAM Webinar Update


  1. 1. Unicon IAM Update CAS, Shibboleth, Grouper 13 February 2014 Mike Grady • Misagh Moayyed Audio is via Adobe Connect. There is no phone dial-in.
  2. 2. Welcome to this briefing • Updates on CAS, Shibboleth and Grouper • Unicon contributions to CAS, Shibboleth and Grouper • Unicon's Open Source Support • Thanks, Q&A
  3. 3. Introduction: Mike Grady • IAM, Shibboleth, CAS, Internet2 Scalable Privacy • 36 years at University of Illinois before Unicon • Unicon’s Open Source Support for Shibboleth technical lead
  4. 4. Introduction: Misagh Moayyed • IAM, Shibboleth, CAS, uPortal, uMobile • 2 years full time with Unicon • Unicon’s Open Source Support for CAS technical lead
  5. 5. This session is being recorded. • Will post after: • Slides • Notes blog post with useful hyperlinks • Slidecast with audio
  6. 6. Observations and Highlights
  7. 7. Past Events • Identity Week, November 11-15 2013: REFEDS, CAMP, ACAMP (Burlingame, CA) • Apereo Camp, January 27-30 2014: CAS, uPortal, OpenRegistry, Sakai (Mesa, AZ)
  8. 8. Upcoming Events • Shibboleth Workshop Series - March 24-25 Durham, NC • Internet2 Global Summit - April 6-10 Denver, CO • Open Apereo 2014 - June 1-4 Miami, FL • Internet2 Technology Exchange – Oct 26-30 Indianapolis, IN
  9. 9. Highlights About CAS
  10. 10. CAS4 • RC3 released. To RC4 and beyond... • APIs to support MFA use cases • Password policy improvements • CAS documentation revamp; See http://jasig.github.io/cas
  11. 11. CAS4 - Documentation
  12. 12. Highlights About Shibboleth
  13. 13. Shibboleth • IdP v3 development in progress; https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details • Community news at http://shibboleth.net/community/news • Latest versions: IdP v2.4.0, SP v2.5.3
  14. 14. Identity Provider v3 • Release Goals: • Support extensions (i.e., uApprove) within profiles • Improve “rough spots” in the API • V2 protocol interoperable; API-incompatible https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design • Q3 Fall 2014 release is planned
  15. 15. Multi-Context Broker https://github.com/Internet2/Shibboleth-Multi-Context-Broker • IdP “LoginHandler” to orchestrate among multiple authentication contexts, including MFA. • Provide support for InCommon Assurance initiative • Pluggable authentication modules • V1.0.0 is now available
  16. 16. Highlights About Grouper
  17. 17. Grouper v2.2 http://goo.gl/5LrGAR • Release expected by late Spring • Services in Grouper • Ability to write SCIM • Improved Grouper configuration • ...and...
  18. 18. New Grouper UI! http://grouper-ui.uchicago.edu/hifi
  19. 19. Highlights About Unicon Participation in CAS, Shibboleth and Grouper
  20. 20. Open Source Support • Support for open source software as adopted by the community • Unicon collaborates to maintain the supported open source software making it more supportable and valuable to subscribers • “Act in the best interests of the subscribers, of the community, and of Unicon”
  21. 21. CAS-related progress
  22. 22. CAS • Password policy improvements • Attributes in the CAS response
  23. 23. cas-addons • https://github.com/Unicon/cas-addons • Latest available release: 1.10 • New extensions: • Hazelcast ticket registry • Dynamic login view selection • Request-based ticket expiration policy • …
  24. 24. cas-addons - HazelcastTicketRegistry
  25. 25. UniconLabs https://github.com/UniconLabs • cas-strap • cas-sso-sessions-report • service-registry-pattern-tester • ...
  26. 26. Shibboleth-related progress
  27. 27. Shib-CAS authenticator v2 • https://github.com/UniconLabs/shib-cas-authn2 • CAS “LoginHandler” for Shibboleth IdP v2.x • Simpler, externalized configuration • No context-sharing requirement • Communicate the “entityId” to CAS • Currently in BETA status
  28. 28. Shib-CAS authenticator v2
  29. 29. CAS-Shibboleth: Integration possibilities • Shib-CAS-authenticator v2 combined with Multi-Context Broker? • CAS attributes to supplement the IdP's authentication context? • CAS to resolve/release attributes to the IdP? • ...reduce duplicate configuration and overhead
  30. 30. Shib-Config-UI • https://github.com/UniconLabs/shib-config-ui • Web interface to explore the configuration: • What attributes are released to this SP? • What is the SSO session length? • Further UI enhancements and features planned
  31. 31. Future work • In discussion with developer community to find more ways to assist • Finalizing Tomcat7 DTA-SSL • Particular missing features you need?
  32. 32. Grouper-related progress
  33. 33. AuthZ Connectors • Grouper & Apache Shiro • Grouper & Spring Security • Grouper & .NET Framework • Grouper & Person Directory • Grouper & OAuth w/ CAS https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions
  34. 34. More potential • Additional authZ connectors? • CAS-SSO for Grouper? • Grouper & uPortal: Roles and Permissions?
  35. 35. Next Steps
  36. 36. What we do • Collaborate to maintain current stable recommended releases • Work towards next releases • Explore extensions and opportunities • Responsive to inputs from subscriber experiences • Explicit requests • Learn from providing support • Empathize with your needs and projects
  37. 37. Feedback welcome • Subscribers are welcome and encouraged to get in touch directly if you’d like any of this information contextualized to your specific situation. E.g., Should I upgrade to the next release of shib-cas-authenticator? • By all means, do get in touch.
  38. 38. Let’s do this again. • Next Unicon IAM Update: • Thursday June 19th 2014 • 12 PM MST
  39. 39. Questions / Discussion via Adobe Connect chat? • Mike Grady, Support for Shibboleth Technical Lead mgrady@unicon.net • Misagh Moayyed, Support for CAS Technical Lead mmoayyed@unicon.net
  40. 40. (License) This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/.
  41. 41. Photo credits • Personal photos of Mike and Misagh: all rights reserved. • Microphone: http://www.flickr.com/photos/deanhp/3711222265/ http://creativecommons.org/licenses/by/2.0/deed.en
