www.canarie.ca | www.swamid.se
Presenters:
Chris Phillips – CANARIE, Canada
Anders Lördal – SWAMID, Sweden
Think Globally, Act Locally: Simplifying Federated Technologies
May 18, 2014 | TNC2014 | Dublin, Ireland
About CAF & SWAMID
Size of Community
–  CAF: 89 Universities, ~120 colleges
–  SWAMID: 52 Institutions
Size of Federation
–  CAF: 103. SAML IdP: 24 Shib, 1 SSPHP, 33 SPs. eduroam: 78 IdPs, 78+ campuses
–  SWAMID: 333. SAML IdP: 45 Shib, 1 SSPHP, 4 ADFS, 1 pysaml, 278 SP. eduroam: 39 IdPs, 773 locations
Coverage
–  CAF: >48%
–  SWAMID: >98%
Participate in eduGAIN?
–  CAF: ✔
–  SWAMID: ✔
Challenge
–  CAF: Uptake parity between eduroam & SAML related to time and skills
–  SWAMID: Participants' ability to remain current & maintain skills
Shib = Shibboleth, SSPHP = SimpleSAMLPHP
•  Even at different stages and coverage, we encounter similar challenges
•  Opportunity to collaborate & leverage each other's investments
Response to the challenge
•  Evolved approach to better match campus IT reality
•  Reduced cost/effort to implement & support
•  Simplifies installation experience
http://www.flickr.com/photos/madison_guy/3386919046/sizes/o/in/photostream/ Madison Guy
Classic Approach
–  Choose RADIUS server, Install & Configure, Test & Connect
–  Choose platform, Install & Configure, Test & Connect
IdP Installer Approach
–  Preferred Server installed, Pre-configured, Tested
–  Preferred platform installed, Pre-Configured, Tested
Chris Phillips
Origin of the collaborative work
•  We both came to the table with something:
•  SWAMID: original SAML installer & was refactoring
•  CAF adopted paradigm for eduroam automation work
•  Critical piece → bootstrapped collaboration with ½ day in person session identifying key principles & mechanics
Core Principle: Simple as possible, complex as needed
https://www.flickr.com/photos/75905404@N00/7126146307 OZinOH
Principle Drives Design
•  It’s not just the tool, but the techniques applied in the tool:
•  Highly Extensible – be Federation aware, be tech agnostic
•  Internalize complexity to simplify end user's experience
•  Internationalize by default instead of retrofit
•  Embody best practices to avoid error in implementations
The Results – The IDP Installer
•  What is it?
–  Installation script with HTML configuration to image a blank VM
•  What does it do?
–  Auto installs and configures IdP server components
–  Configures entire system, not just software
–  Supports eduroam and Shibboleth
•  Benefits
–  Fewer steps
–  Hides technical complexity from user
•  Components installed on the VM
–  Shibboleth Identity Provider (2.4.0)
–  freeRADIUS (2.1.12)
–  Apache Tomcat (6.0)
–  Java (openjdk 1.7)
–  Operating System (centOS6.4+ or Ubuntu 12.0.4)
Installation Improvements
Outcomes
•  Install effort reduced from 2 discrete projects to 1 on participant site
•  Automated configuration reduces installation complexity and editing needs
•  Speeds up installation
•  Reduces errors
Installation Overview
Plan & Prepare installation
•  Review System Requirements to prepare your environment.
•  Prepare your network
•  Prepare your environment (settings for Directory, Certificates, etc)
•  Review and choose a preferred deployment approach
•  Review your federation specific post install steps
Do Installation
•  Create a configuration from your federation's configuration builder
•  Save configuration as 'config' in this directory on your server
•  Run the script ./deploy_idp.sh
•  Answer any inline questions (password creation for keystores)
Post installation tailoring
•  Based on items previously identified, finalize the installation
•  Identify steps needed to be repeated in production
•  Local acceptance testing
•  Contact FedOp to complete registration
[1] From installer document in distribution: https://collaboration.canarie.ca/elgg/groups/profile/847/idp-installer
Configuration Demo & Walk Through
http://youtu.be/7DpHL9akgrg
https://www.flickr.com/photos/julia_manzerova/4748112382/ Julia Mnazernova
Weighing the Options
•  A lot of great tools and techniques out there → had to choose wisely
•  Driven by Principles and Requirements. How closely do these match yours?
Contrasting Implementation Styles
Model: Centralized/Command & Control
–  Benefit: Centralized control; remote management capabilities
–  Drawback: Complexity is high for backend; not easily hosted locally; may not meet needs for hands off remote operation
–  Example: GAAR
Model: Download VM preconfigured
–  Benefit: Quick, good degree of consistency; reliable troubleshooting
–  Drawback: Large binary distribution (is it necessary?); expectation of responsibility for patching; VM may not have all components & site wants access to root; hard to scale variants; cost of maintaining unwieldy
–  Example: Eduroam in a box VM
Model: Installer tool (implemented)
–  Benefit: Pre-existing code base; least complexity; smallest footprint; knowledge readily available; interface translation friendly
–  Drawback: Keeping current with dependencies takes effort; testing complexity is higher
–  Example: SWAMID original installer; DevOps tools
Contrasting Implementation Techniques
Technique: Puppet/Chef based
–  Benefits: In Production; scales nationally; command and control with puppet
–  Drawbacks: Command and control required, some rigidity dilutes autonomy of sites
Technique: Ansible based
–  Benefits: Able to get support; DevOps friendly
–  Drawbacks: Not a broad skill set in the target community
Technique: Various languages (java, perl, Expect)
–  Benefits: Various reasons (choose your favorite)
–  Drawbacks: Skill set hit and miss in the field.
Technique: Existing investment in bash for installer; configuration in standalone HTML + javascript
–  Benefits: Ubiquitous - available inherent in system shell; maintainable; sophisticated or as primitive as you would like to use; easily tweaked because we know it will be; internationalization (i18n) friendly
–  Drawbacks: It’s bash & there’s a bit of baggage with that. HTML interface for cross browser compatibility
Usage & Feedback
Status to respective community
–  CAF: Available as ‘Beta’. Awaiting feedback from handful of sites so we may transition to ‘General Availability’
–  SWAMID: Widely available for sites to use and test
Community feedback
–  CAF: Positive. One pilot site: Found deploying eduroam easier and are transitioning to eduroam as the only campus SSID for Fall 2014.
–  SWAMID: Positive. At least four sites running. One with active/standby config.
Collaboration – Managing Change
•  GitHub public repository used
•  https://github.com/idp-installer-manager
•  Core codebase in ‘idp-installer-global’ repo
•  To use, strongly encouraged to fork your own ‘idp-installer-<Fed’n_name>’
•  Loosely couples code management
•  Enables isolation for feature development
•  (push) to global for review & promote to community.
•  Other forks can retrieve (pull) from global at their own pace – as quickly or as slowly as needed
Repositories: idp-installer-global, idp-installer-CAF, idp-installer-SWAMID, idp-installer-YOUR_FED_HERE
You're Invited!
•  Code base in use at CAF and SWAMID.
•  Clone one of ours now to try it out (http://bit.ly/caf-idp / http://bit.ly/swamid-idp )
•  Want your own? Come talk with us or fork your own from:
http://bit.ly/global-idp
http://www.flickr.com/photos/shutter/105497713/sizes/l/in/photostream/ Chris Owens
Thank you!
Contact:
Chris Phillips Chris.Phillips@canarie.ca
Anders Lördal Anders.lordal@hig.se
Chris & Anders in the hotel lobby IdP Installer hack-a-thon in San Francisco Nov’13 Identity week.
Photo by Nicole Harris
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 

TNC2014 Think Globally act locally: Simplifying Federated technologies

  • 1. Think Globally, Act Locally: Simplifying Federated Technologies
       www.canarie.ca | www.swamid.se
       Presenters: Chris Phillips – CANARIE, Canada; Anders Lördal – SWAMID, Sweden
       May 18, 2014 | TNC2014 | Dublin, Ireland
  • 2. About CAF & SWAMID
       Size of Community
         – CAF: 89 Universities, ~120 colleges
         – SWAMID: 52 Institutions
       Size of Federation
         – CAF: 103. SAML IdP: 24 Shib, 1 SSPHP, 33 SPs. eduroam: 78 IdPs, 78+ campus’
         – SWAMID: 333. SAML IdP: 45 Shib, 1 SSPHP, 4 ADFS, 1 pysaml, 278 SP. eduroam: 39 IdPs, 773 locations
       Coverage
         – CAF: >48%
         – SWAMID: >98%
       Participate in eduGAIN?
         – CAF: ✔
         – SWAMID: ✔
       Challenge
         – CAF: Uptake parity between eduroam & SAML related to time and skills
         – SWAMID: Participants’ ability to remain current & maintain skills
       (Shib = Shibboleth, SSPHP = SimpleSAMLPHP)
       • Even at different stages and coverage, we encounter similar challenges
       • Opportunity to collaborate & leverage each other’s investments
  • 3. Response to the challenge
       • Evolved approach to better match campus IT reality
       • Reduced cost/effort to implement & support
       • Simplifies installation experience
       Classic Approach
         – Choose RADIUS server, Install & Configure, Test & Connect
         – Choose platform, Install & Configure, Test & Connect
       IdP Installer Approach
         – Preferred server installed, pre-configured, tested
         – Preferred platform installed, pre-configured, tested
       Photo: http://www.flickr.com/photos/madison_guy/3386919046/sizes/o/in/photostream/ (Madison Guy)
  • 4. Origin of the collaborative work (Chris Phillips)
       • We both came to the table with something:
         – SWAMID: original SAML installer & was refactoring
         – CAF adopted paradigm for eduroam automation work
       • Critical piece → bootstrapped collaboration with ½ day in person session identifying key principles & mechanics
  • 5. Origin of the collaborative work (Chris Phillips)
       • We both came to the table with something:
         – SWAMID: original SAML installer & was refactoring
         – CAF adopted paradigm for eduroam automation work
       • Critical piece → bootstrapped collaboration with ½ day in person session identifying key principles & mechanics
       Core Principle: Simple as possible, complex as needed
  • 6. Principle Drives Design
       • It’s not just the tool, but the techniques applied in the tool:
         – Highly extensible: be Federation aware, be tech agnostic
         – Internalize complexity to simplify the end user’s experience
         – Internationalize by default instead of retrofit
         – Embody best practices to avoid error in implementations
       Photo: https://www.flickr.com/photos/75905404@N00/7126146307 (OZinOH)
  • 7. The Results – The IDP Installer
       • What is it?
         – Installation script with HTML configuration to image a blank VM
       • What does it do?
         – Auto installs and configures IdP server components
         – Configures entire system, not just software
         – Supports eduroam and Shibboleth
       • Benefits
         – Fewer steps
         – Hides technical complexity from user
       Components installed on the VM (diagram):
         – Shibboleth Identity Provider (2.4.0)
         – freeRADIUS (2.1.12)
         – Apache Tomcat (6.0)
         – Java (openjdk 1.7)
         – Operating System (centOS6.4+ or Ubuntu 12.0.4)
  • 8. Installation Improvements: Outcomes
       • Install effort reduced from 2 discrete projects to 1 on participant site
       • Automated configuration reduces installation complexity and editing needs
       • Speeds up installation
       • Reduces errors
  • 9. Installation Overview [1]
       Plan & Prepare installation
         – Review System Requirements to prepare your environment
         – Prepare your network
         – Prepare your environment (settings for Directory, Certificates, etc.)
         – Review and choose a preferred deployment approach
         – Review your federation-specific post-install steps
       Do Installation
         – Create a configuration from your federation's configuration builder
         – Save configuration as 'config' in this directory on your server
         – Run the script ./deploy_idp.sh
         – Answer any inline questions (password creation for keystores)
       Post installation tailoring
         – Based on items previously identified, finalize the installation
         – Identify steps needed to be repeated in production
         – Local acceptance testing
         – Contact FedOp to complete registration
       [1] From installer document in distribution: https://collaboration.canarie.ca/elgg/groups/profile/847/idp-installer
  • 10. Configuration Demo & Walk Through
       http://youtu.be/7DpHL9akgrg
  • 11. Weighing the Options
       • A lot of great tools and techniques out there → had to choose wisely
       • Driven by Principles and Requirements. How closely do these match yours?
       Photo: https://www.flickr.com/photos/julia_manzerova/4748112382/ (Julia Mnazernova)
  • 12. Contrasting Implementation Styles
       Model: Centralized / Command & Control
         – Benefit: Centralized control; remote management capabilities
         – Drawback: Complexity is high for backend; not easily hosted locally; may not meet needs for hands off remote operation
         – Example: GAAR
       Model: Download VM preconfigured
         – Benefit: Quick, good degree of consistency; reliable troubleshooting
         – Drawback: Large binary distribution (is it necessary?); expectation of responsibility for patching; VM may not have all components & site wants access to root; hard to scale variants; cost of maintaining unwieldy
         – Example: Eduroam in a box VM
       Model: Installer tool (implemented)
         – Benefit: Pre-existing code base; least complexity; smallest footprint; knowledge readily available; interface translation friendly
         – Drawback: Keeping current with dependencies takes effort; testing complexity is higher
         – Example: SWAMID original installer; DevOps tools
  • 13. Contrasting Implementation Techniques
       Technique: Puppet/Chef based
         – Benefits: In production; scales nationally; command and control with puppet
         – Drawbacks: Command and control required, some rigidity dilutes autonomy of sites
       Technique: Ansible based
         – Benefits: Able to get support; DevOps friendly
         – Drawbacks: Not a broad skill set in the target community
       Technique: Various languages (java, perl, Expect)
         – Benefits: Various reasons (choose your favorite)
         – Drawbacks: Skill set hit and miss in the field
       Technique: Existing investment in bash for installer; configuration in standalone HTML + javascript
         – Benefits: Ubiquitous, available inherent in system shell; maintainable; sophisticated or as primitive as you would like to use; easily tweaked because we know it will be; internationalization (i18n) friendly
         – Drawbacks: It’s bash & there’s a bit of baggage with that. HTML interface for cross browser compatibility
  • 14. Usage & Feedback
       Status to respective community
         – CAF: Available as ‘Beta’. Awaiting feedback from handful of sites so we may transition to ‘General Availability’
         – SWAMID: Widely available for sites to use and test
       Community feedback
         – CAF: Positive. One pilot site found deploying eduroam easier and are transitioning to eduroam as the only campus SSID for Fall 2014.
         – SWAMID: Positive. At least four sites running, one with active/standby config.
  • 15. Collaboration – Managing Change
       • GitHub public repository used
         – https://github.com/idp-installer-manager
       • Core codebase in ‘idp-installer-global’ repo
       • To use, strongly encouraged to fork your own ‘idp-installer-<Fed’n_name>’
         – Loosely couples code management
         – Enables isolation for feature development
         – (push) to global for review & promote to community
         – Other forks can retrieve (pull) from global at their own pace, as quickly or as slowly as needed
       Repositories (diagram): idp-installer-global, idp-installer-CAF, idp-installer-SWAMID, idp-installer-YOUR_FED_HERE
  • 16. You’re Invited!
       • Code base in use at CAF and SWAMID.
       • Clone one of ours now to try it out (http://bit.ly/caf-idp / http://bit.ly/swamid-idp)
       • Want your own? Come talk with us or fork your own from: http://bit.ly/global-idp
       Photo: http://www.flickr.com/photos/shutter/105497713/sizes/l/in/photostream/ (Chris Owens)
  • 17. Thank you!
       Contact:
         – Chris Phillips, Chris.Phillips@canarie.ca
         – Anders Lördal, Anders.lordal@hig.se
       Photo caption: Chris & Anders in the hotel lobby, IdP Installer hack-a-thon in San Francisco, Nov’13 Identity week. Photo by Nicole Harris