Google Apps - SSO and Identity Management at the University of Cambridge

Slides from a talk on SSO and Identity Management for Google Apps at the University of Cambridge. Presented at the Google Apps for Education UK User Group meeting on 15th February 2011 at Loughborough University (http://guug11.lboro.ac.uk/)

Published in: Technology, Business
  1. SSO and Identity Management: What we did
     Jon Warbrick, University of Cambridge Computing Service, jw35@cam.ac.uk / @jw35
  2. The University of Cambridge: 100+ departments, 32 colleges, 40,000 users. “A loose affiliation of warring fiefdoms”
  3. Handy building blocks
     • University Computing Service
       • that doesn’t set policy
     • User Administration Database
     • Raven: Web Authentication system
       • including a Shibboleth IdP
     • A 2008 UCS trial of Google Apps
  4. What do we want? A Calendar! Perhaps other things, later...
  5. General Plan
     • Google Apps for Education
       • but just Calendar
     • Use cam.ac.uk domain
     • Web SSO using Raven
     • Automatically available to everyone
     • Minimum ongoing staff involvement
     • Rollout September, for October, 2010
  6. Web authentication
  7. Web authentication
  8. Web authentication: SAML SSO service, gAuth
  9. Web authentication: SAML SSO service, gAuth
  10. Web authentication: SAML SSO service, gAuth
  11. gAuth
     • Based on Google example Java SAML code
       • SAML, but not Shibboleth
     • Java Webapp, runs in Tomcat
     • Also displays T&Cs page, and email reminder first time through
     • And some other things ...
  12. Account creation: gAuth
  13. Account creation: gAuth
  14. Account creation: gAuth, Provisioning API
  15. Account creation: gAuth, Provisioning API
  16. Non-web authentication
  17. Non-web authentication
  18. Account management: gAuth, Raven feed, User admin. database, reconcile-admin, reconcile-google, Google
     Status:
     • [Unknown]
     • Current
     • Blacklisted
     • Cancelled
     • [Deleted]
  19. Implementation
     • gAuth: Java webapp in Tomcat
     • Batch processing: Java run by cron (!)
     • (Live/standby) pair of VMs on Xen cluster
     • Local Postgres database; Slony-I replication
     • Manual service address transition
  20. Deployed October 2010: Number of Accounts (http://www-uxsup.csx.cam.ac.uk/~jw35/google-usage/)
  21. Deployed October 2010: Unique users per day (http://www-uxsup.csx.cam.ac.uk/~jw35/google-usage/)
  22. Plain sailing?
     • Pre-existing cam.ac.uk domain
     • Conflicting accounts
     • ‘g’ ‘o’ ‘o’ ‘g’ ‘l’ ‘e’ not allowed in domain names
     • iPhones
     • Support. Don’t forget the support
  23. Any questions?
  24. Any questions?
     Jon Warbrick, University of Cambridge Computing Service, jw35@cam.ac.uk / @jw35