Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Shibboleth session @
                   IGeLU Ghent Meeting
                            2010
                             ...
Agenda

                   • Shibboleth implementation challenges at
                          SFX, MetaLib, DigiTool, Ale...
Agenda

                   • Hooking up SFX into Shibboleth Service
                          Provider
                   ...
Case studies




Wednesday, 15 September 2010
Charles University in
                             Prague
                   • 100 % Shibboleth access @ e-resources
     ...
Czech National Library

                   • just implemented Shibboleth IdP 2
                   • EZproxy, HAN
         ...
Academy Of Sciences
                           Library
                   • just implemented Shibboleth IdP 2.1.5
        ...
Shibboleth & SFX


                   • Not supported by PDS
                   • Implementation proxy style


Wednesday, ...
Shibboleth & SFX

                   • Challenges
                    • giving up user authentication at SFX,
            ...
Shibboleth & SFX


                   • 1: one user group - one institution in SFX
                          instance
    ...
Shibboleth & SFX
                   •      AZ (subscribed and free e-journals for one or
                          more in...
Shibboleth & SFX
                   • MARCit! (subscribed and free e-journals
                          for one or more in...
Shibboleth & SFX

                   • Export (subscribed and free e-journals for
                          one or more in...
Shibboleth & SFX
                   • Google Scholar exports (subscribed and
                          free e-journals for...
Shibboleth & SFX

                   • RSI (subscribed and free e-journals for one
                          or more insti...
Shibboleth & SFX

                   • Possibility to implement Shibboleth
                          authentication as ext...
Shibboleth & SFX


                   • Challenges
                    • possibility to set up just one Institute or
     ...
Shibboleth & MetaLib

                   • Supported by PDS
                   • Challenges
                    • just one...
Shibboleth & DigiTool

                   • Supported by PDS
                   • Challenges
                    • just on...
Shibboleth & Aleph

                   • Supported by PDS

                   • One affiliation per user considered in
    ...
Aleph as users
                                identities source
                   • CAS - LDAP sync using ORACLE scripts...
Shibboleth & Primo,
                             Primo Central

                   • Supported by PDS
                   •...
Multiple affiliations
                                    solutions
                   • User selection of primary user affi...
PDS hints


                   • Support for Shibboleth 2
                   • Support for Single Logout


Wednesday, 15 S...
Shibboleth hands-on
                   • Charles University E-resources Portal
                    • pez.cuni.cz
         ...
Contact

                      Jiří Pavlík
                      CESNET / Charles University in Prague
                   ...
Upcoming SlideShare
Loading in …5
×

Shibboleth session @ IGeLU Ghent Meeting 2010

1,304 views

Published on

Presentation from Shibboleth session at IGeLU conference in Ghent

Published in: Education
  • Be the first to comment

Shibboleth session @ IGeLU Ghent Meeting 2010

  1. 1. Shibboleth session @ IGeLU Ghent Meeting 2010 Ghent University, September 1st 2010 Wednesday, 15 September 2010
  2. 2. Agenda • Shibboleth implementation challenges at SFX, MetaLib, DigiTool, Aleph • Solutions for missing support for multiple affiliations at SFX, MetaLib, DigiTool authorisation Wednesday, 15 September 2010
  3. 3. Agenda • Hooking up SFX into Shibboleth Service Provider • Aleph as a primary identity source • Working with e-resources in Shibboleth environment hands-on Wednesday, 15 September 2010
  4. 4. Case studies Wednesday, 15 September 2010
  5. 5. Charles University in Prague • 100 % Shibboleth access @ e-resources • EZproxy as Shibboleth gateway • MetaLib, SFX, Aleph, DigiTool • University Information System as primary users identities source, LDAP, IdP 2.1.5-slo Wednesday, 15 September 2010
  6. 6. Czech National Library • just implemented Shibboleth IdP 2 • EZproxy, HAN • MetaLib, SFX, Aleph • Aleph as primary users identities source • ML, SFX - National Information Gateway Wednesday, 15 September 2010
  7. 7. Academy Of Sciences Library • just implemented Shibboleth IdP 2.1.5 • EZproxy, Squid HTTP proxy • MetaLib, SFX, Aleph • Aleph as primary user identities source Wednesday, 15 September 2010
  8. 8. Shibboleth & SFX • Not supported by PDS • Implementation proxy style Wednesday, 15 September 2010
  9. 9. Shibboleth & SFX • Challenges • giving up user authentication at SFX, resources activation for DEFAULT institute • consequences - menu, AZs, exports, MARCit!, Google Scholar export, RSI, Verde Wednesday, 15 September 2010
  10. 10. Shibboleth & SFX • 1: one user group - one institution in SFX instance • N: several user groups - several institutions in SFX instance Wednesday, 15 September 2010
  11. 11. Shibboleth & SFX • AZ (subscribed and free e-journals for one or more institution), selective inheritance • 1 • exclude in AZ for DEFAULT if used • N • exclude - doesn’t solve different selective subscriptions by two or more institutions • or disable inheritance and give up free Open- Access e-journals in institutions AZs Wednesday, 15 September 2010
  12. 12. Shibboleth & SFX • MARCit! (subscribed and free e-journals for one or more institution), auto inheritance •I • no change •N • export SPECIFIC targets Wednesday, 15 September 2010
  13. 13. Shibboleth & SFX • Export (subscribed and free e-journals for one or more institution), auto inheritance •I • no change •N • export SPECIFIC targets Wednesday, 15 September 2010
  14. 14. Shibboleth & SFX • Google Scholar exports (subscribed and free e-journals for one or more institution), auto inheritance •I • no change •N • faulty institutions exports Wednesday, 15 September 2010
  15. 15. Shibboleth & SFX • RSI (subscribed and free e-journals for one or more institution), auto inheritance •I • no change •N • faulty institutions exports Wednesday, 15 September 2010
  16. 16. Shibboleth & SFX • Possibility to implement Shibboleth authentication as external script • http://sfx.jib.cz/sfxkiv3/cgi/public/ user_cookie.cgi? • SFX v3 Advanced User Guide, Setting user_profile Cookies Wednesday, 15 September 2010
  17. 17. Shibboleth & SFX • Challenges • possibility to set up just one Institute or Group in institute variable Wednesday, 15 September 2010
  18. 18. Shibboleth & MetaLib • Supported by PDS • Challenges • just one affiliation per user considered in authorisation Wednesday, 15 September 2010
  19. 19. Shibboleth & DigiTool • Supported by PDS • Challenges • just one affiliation per user considered in authorisation Wednesday, 15 September 2010
  20. 20. Shibboleth & Aleph • Supported by PDS • One affiliation per user considered in authorisation doesn’t matter Wednesday, 15 September 2010
  21. 21. Aleph as users identities source • CAS - LDAP sync using ORACLE scripts • CNL - MULTIDATA Praha - Dynamic LDAP • http://www.multidata.cz/english/universal- dynamic-ldap-server Wednesday, 15 September 2010
  22. 22. Shibboleth & Primo, Primo Central • Supported by PDS • no experiences yet, sorry Wednesday, 15 September 2010
  23. 23. Multiple affiliations solutions • User selection of primary user affiliation/ entitlement at IdP • IdP provide selected affiliation at eduPersonEntitlement or xxxPersonPrimaryEntitlement Wednesday, 15 September 2010
  24. 24. PDS hints • Support for Shibboleth 2 • Support for Single Logout Wednesday, 15 September 2010
  25. 25. Shibboleth hands-on • Charles University E-resources Portal • pez.cuni.cz • testing affiliates welcomed :-) Wednesday, 15 September 2010
  26. 26. Contact Jiří Pavlík CESNET / Charles University in Prague http://www.cuni.cz/~pavlik Wednesday, 15 September 2010

×