Viktigaste uppgift: Web Browser SSO
|
|
- Luke White
- 2 years ago
- Views:
Transcription
1 Federation SAML Shibboleth programvara Jboss Java-system Namn: Uid: Organisation: inetorgperson Shibboleth programvara Unikt namn:... Roll: Funktioner som kan anropas:... Så här når du funktionerna:... Du kan lita på mig! Certikfikat:... Unikt namn:... Roll: Funktioner som kan anropas:... Så här når du funktionerna:... Du kan lita på mig! Certikfikat:... Browser SAML SAML Shibboleth programvara Unikt namn:... Roll: Funktioner som kan anropas:... Så här når du funktionerna:... Du kan lita på mig! Certikfikat:... SAML SAML Unikt namn:... Roll: Funktioner som kan anropas:... Så här når du funktionerna:... Du kan lita på mig! Certikfikat:... Shibboleth programvara Apache backend SimpleSAML -programvara PHP-program Unikt namn:... Roll: Funktioner som kan anropas:... Så här når du funktionerna:... Du kan lita på mig! Certikfikat:... Viktigaste uppgift: Web Browser SSO
2 Shibboleth programvara Unikt namn: https://idp.lu.se/idp/shibboleth Roll: Funktioner som kan anropas/så här når du dem: SingleSignOnService Binding: HTTP-Redirect Endpoint: https://idp.lu.se/idp/profile/saml2/redirect/sso AttributeService Binding: SOAP Endpoint: https://idp.lu.se/idp/profile/saml2/soap/attributequery ArtifactResolutionService Binding: SOAP Endpoint: https://idp.lu.se/idp/profile/saml2/soap/artifactresolution Du kan lita på mig: X509Certificate AwIBAgIEU2tfcTANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJl? Shibboleth programvara inetorgperson Browser Unikt namn: https://mittsystem.lu.se/shibboleth Roll: Funktioner som kan anropas/så här når du dem: SingleLogoutService Binding: SOAP Endpoint: https://mittsystem.lu.se/shibboleth.sso/slo/soap AssertionConsumerService Binding: HTTP-POST Endpoint: https://mittsystem.lu.se/shibboleth.sso/saml2/post ArtifactResolutionService Binding: SOAP Endpoint: https://mittsystem.lu.se/shibboleth.sso/artifact/soap Du kan lita på mig: X509Certificate kxmjm0wjbumqswcqydvqqgewjtrteambgga1uecgwrthvu Hur får de reda på varandra? Hur går kommunikationen mellan dem till? Hur skapa säker överföring av data?
3 Attribut-förmedling (Tomcat 6) attribute-resolver.xml <AttributeDefinition/> <DataConnector/> attribute-filter.xml <AttributeFilterPolicy/> <AttributeRule/> SQL LDAP SAMLmeddelande (Apache 2.4) attribute-map.xml <Attribute/> attribute-policy.xml <AttributeFilterPolicy/> <AttributeRule/> Jboss backend AJP-request Attribut-lista VIA ENVIRONMENT Java-applikation JSF-dokument #{request.getattribute('testattr') Attribut-källor Statiska attribut Web-browser Redirect för inloggning Inloggning med uid/pwd AccessControl via attributregler AccessControl via attributregler
4 Attribut-förmedling i PHP a Web-browser Inloggning med uid/pwd Redirect för inloggning SAMLmeddelande Attribut-lista VIA HTTP-headers HTTP-request Attribut-källor (Tomcat 6) AccessControl via attributregler (Apache 2.4) AccessControl via attributregler Apache 2.2 backend LDAP attribute-resolver.xml attribute-map.xml SQL <AttributeDefinition/> <DataConnector/> <Attribute/> Statiska attribut PHP-applikation attribute-filter.xml <AttributeFilterPolicy/> <AttributeRule/> attribute-policy.xml <AttributeFilterPolicy/> <AttributeRule/> PHP-fil $_SERVER["HTTP_TESTATTR"];
5 Attribut-förmedling i PHP b Web-browser Inloggning med uid/pwd Redirect för inloggning Attribut-källor (Tomcat 6) AccessControl via attributregler SAMLmeddelande Applikationsserver Apache 2.4 SimpleSamlPHP LDAP attribute-resolver.xml PHP-applikation SQL Statiska attribut <AttributeDefinition/> <DataConnector/> Simplesamlphp-config filer $as = new SimpleSAML_Auth_Simple('default-sp'); $as->requireauth(); $attributes = $as->getattributes(); echo $attributes[ testattr ]; attribute-filter.xml <AttributeFilterPolicy/> <AttributeRule/>
6 Saml2int Web Browser SSO Deployment profile XML-encryption används inetorgperson Browser HTTP eller HTTPS SingleSignOnService Endpoint HTTPS <AuthnRequest> via HTTP-REDIRECT binding till :n <Response> Subject, Attribut <AuthnRequest> <Response> via HTTP-POST binding till :n HTTP eller HTTPS <Response> Subject, Attribut Respons från applikationen: webbsida och SSO-sessionsdata Request till applikationen om en webbsida <AuthnRequest> via HTTP-REDIRECT binding till :n <Response> via HTTP-POST binding till :n <AuthnRequest> AssertionConsumerService Endpoint HTTPS-förbindelse Request till om metadata XML-dokument med Metadata i klartext System entity Roll: HTTPS-förbindelse Request till om metadata System Entity Roll: XML-dokument med Metadata i klartext Det här är jag, det här är min roll, det här är mina funktioner, så här når du dem, du kan lita på mig Publicerad via Well Known location -metoden
7 SWAMID-federationen Krypterad förbindelse SAMLmeddelande / metadata? inetorgperson Skapa en jks-keystore med lösenord (self-signed) Subject: cn=www.minsajt.lu Issuer: samma som ovan Key: RSA 2048 bits Signature: SHA-256 with RSA Browser Krypterad förbindelse Extensions Subject Alternative Name: DNS Name: URI: URI: https://www.minsajt.lu/url/till/systemet Subject Key Identifier: Key Identifier: 0x... Krypterad förbindelse SAML-meddelande med krypterad data SAML-meddelande med klartext-data Generera ett CSR Importera erhållen signering Exportera privat nyckel med lösenord (.key) och publik nyckel/certifikat (.crt) (Tomcat 6) Krypterad förbindelse (Apache 2.4) SAML-meddelande eller metadata i klartext
8 Jboss EntityID: https://egaws4757.uw.lu.se/shibboleth C:\opt\shibboleth-sp C:/Program Files (x86)/internet2/shib2idp/credentials/idp.jks Metadata: https://egaws4757.uw.lu.se/shibboleth.sso/ Metadata C:\Apache24 EntityID: https://egaws4757.uw.lu.se:22443/idp/shibboleth C:/Program Files (x86)/internet2/shib2idp/credentials/idp.jks C:/Program Files (x86)/internet2/shib2idp/credentials/idp.key C:/Program Files (x86)/internet2/shib2idp/credentials/idp.crt Skapas med: install.bat renew-cert Metadata: https://egaws4757.uw.lu.se:22443/idp/shibboleth Tomcat cacerts: C:\Program Files\Java\jre7\lib\security\cacerts SAML - principal (användare) - Identity Provider - Service Provider
9 attribute-resolver.xml <resolver:attributedefinition xsi:type="ad:simple" id="testattr" sourceattributeid="testattr"> <resolver:dependency ref="testconnectorid"/> <resolver:attributeencoder xsi:type="enc:saml2string" name="test:testattr" friendlyname="testattr"/> </resolver:attributedefinition> <resolver:dataconnector id="testconnectorid" xsi:type="static" xmlns="urn:mace:shibboleth:2.0:resolver:dc"> <Attribute id="testattr"> <Value>hej</Value> </Attribute> </resolver:dataconnector> attribute-map.xml <Attribute name="test:testattr" id="testattr"> <AttributeDecoder xsi:type="stringattributedecoder" casesensitive="false"/> </Attribute> attribute-policy.xml <afp:attributerule attributeid="testattr"> <afp:permitvaluerule xsi:type="any"/> </afp:attributerule> attribute-filter.xml <afp:attributerule attributeid="testattr"> <afp:permitvaluerule xsi:type="basic:any"/> </afp:attributerule> shibboleth2.xml <ApplicationDefaults id="default" policyid="default" entityid="https://egaws4757.uw.lu.se/shibboleth" REMOTE_USER="eppn persistent-id targeted-id" attributeprefix="ajp_"> httpd.conf ProxyIOBufferSize <VirtualHost *:443>... ProxyPass /stip ajp://localhost:8009/stip </VirtualHost> standalone.xml <connector name="ajp" protocol="ajp/1.3" scheme="http" socket-binding="ajp" secure="true"/> <socket-binding name="ajp" port="8009"/>
10 attribute-resolver.xml <resolver:attributedefinition xsi:type="ad:simple" id="testattr" sourceattributeid="testattr"> <resolver:dependency ref="testconnectorid"/> <resolver:attributeencoder xsi:type="enc:saml2string" name="test:testattr" friendlyname="testattr"/> </resolver:attributedefinition> <resolver:dataconnector id="testconnectorid" xsi:type="static" xmlns="urn:mace:shibboleth:2.0:resolver:dc"> <Attribute id="testattr"> <Value>hej</Value> </Attribute> </resolver:dataconnector> attribute-map.xml <Attribute name="test:testattr" id="testattr"> <AttributeDecoder xsi:type="stringattributedecoder" casesensitive="false"/> </Attribute> attribute-policy.xml <afp:attributerule attributeid="testattr"> <afp:permitvaluerule xsi:type="any"/> </afp:attributerule> attribute-filter.xml <afp:attributerule attributeid="testattr"> <afp:permitvaluerule xsi:type="basic:any"/> </afp:attributerule> shibboleth2.xml <ApplicationDefaults id="default" policyid="default" entityid="https://egaws4757.uw.lu.se/shibboleth" REMOTE_USER="eppn persistent-id targeted-id" attributeprefix="ajp_"> httpd.conf (frontend) ProxyIOBufferSize <VirtualHost *:443>... ProxyPass /php ProxyPassReverse /php <Location /php> AuthType shibboleth ShibRequestSetting requiresession 1 require shib-session Require valid-user ShibUseHeaders On </Location> </VirtualHost>
11 attribute-resolver.xml <resolver:attributedefinition xsi:type="ad:simple" id="testattr" sourceattributeid="testattr"> <resolver:dependency ref="testconnectorid"/> <resolver:attributeencoder xsi:type="enc:saml2string" name="test:testattr" friendlyname="testattr"/> </resolver:attributedefinition> <resolver:dataconnector id="testconnectorid" xsi:type="static" xmlns="urn:mace:shibboleth:2.0:resolver:dc"> <Attribute id="testattr"> <Value>hej</Value> </Attribute> </resolver:dataconnector> attribute-map.xml <Attribute name="test:testattr" id="testattr"> <AttributeDecoder xsi:type="stringattributedecoder" casesensitive="false"/> </Attribute> attribute-policy.xml <afp:attributerule attributeid="testattr"> <afp:permitvaluerule xsi:type="any"/> </afp:attributerule> attribute-filter.xml <afp:attributerule attributeid="testattr"> <afp:permitvaluerule xsi:type="basic:any"/> </afp:attributerule> shibboleth2.xml <ApplicationDefaults id="default" policyid="default" entityid="https://egaws4757.uw.lu.se/shibboleth" REMOTE_USER="eppn persistent-id targeted-id" attributeprefix="ajp_"> httpd.conf (frontend) ProxyIOBufferSize <VirtualHost *:443>... ProxyPass /php ProxyPassReverse /php <Location /php> AuthType shibboleth ShibRequestSetting requiresession 1 require shib-session Require valid-user ShibUseHeaders On </Location> </VirtualHost>
12 Utbyte av metadata: 1. SOAP över HTTPS 2. Trust ska kunna etableras mellan relying parties enbart baserat på metadata Vad berättar metadata: Metadata identifierar och beskriver en eller flera system entities ( eller :er i vårt fall) och vad de har för roller, för faciliteter/funktioner och hur man når dem, samt etablerar trust mellan avsändaren och mottagaren av metadata. Innehåller 1. Unika identifierare/namn (entityid) för dessa system entities 2. Binding support och endpoints (URL:ar) för dessa bindings (dvs funktioner och hur man når dem) 3. Certifikat och nycklar (trust) Roller SSO Identity Provider SSO Service Provider Authentication Authority Attribute Authority Policy Decision Point Affiliation Hur hittar man metadata om en system entity? Well known location -metoden: En system entity har en unik identifierare (dvs ett valfritt unikt namn). Denna unika identifierare kan vara en url, och via denna url hittas metadata.
Federating with Web Applications
Federating with Web Applications Janusz Ulawski HEAnet Ltd November 11, 2010 Agenda 1 Providing access to your WebApp 2 Federated Access Software with SAML 2.0 support 3 Federating your WebApp Shibboleth
Shibboleth 2: A Guide for Deployers. Scott Cantor cantor.2@osu.edu Internet2 / The Ohio State University
Shibboleth 2: A Guide for Deployers Scott Cantor cantor.2@osu.edu Internet2 / The Ohio State University Outline Introduction to Shibboleth and Related Topics Software Architecture Deploying an Identity
Shibboleth SP Simple Installation Guide For LINUX
Division of IT Shibboleth SP Simple Installation Guide For LINUX University of Missouri Revision History AM July 2012 Created AM July 26, 2012 Changed links to SP download AM August 29, 2012 Updated for
Introducing Shibboleth
workshop Introducing Shibboleth MPG-AAI Workshop Clarin Centers Prague 2009 2009-11-06 MPG-AAI MPG-AAI a MPG-wide Authentication & Authorization Infrastructure for access control to web-based resources
DARIAH / DASISH AAI Workshop
DARIAH / DASISH AAI Workshop Day 1: October 17, 2013 Developer Workshop on Shibboleth and SAML enabling Applications Martin Haase, DAASI International Martin.Haase@DAASI.de Agenda Welcome by the host (Laurence
SharePoint 2007 Patrik Holsti patrik.holsti@cornerstone.se
Tid 13.00 16.00 Fika 14.15 14.30 Slides finns på http://www.cornerstone.se/downloads SharePoint 2007 Patrik Holsti patrik.holsti@cornerstone.se Ställ gärna frågor i pausen eller efter passet Vänligen stäng
Configuring. Moodle. Chapter 82
Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare
Shibboleth Service Provider. Bart Ophelders - Philip Brusten shib@kuleuven.be
Shibboleth Service Provider Bart Ophelders - Philip Brusten shib@kuleuven.be November 2011 Shibboleth Service provider workshop This work is licensed under a Creative Commons Attribution-ShareAlike 3.0
Windowsadministration II, 7.5hp, 1DV424 MODUL 5 EXCHANGE SERVER 2013 FÖRELÄSNING 3
Windowsadministration II, 7.5hp, 1DV424 MODUL 5 EXCHANGE SERVER 2013 FÖRELÄSNING 3 Modul 5 - Exchange Server 2013 Öka tillgängligheten av Exchange Client Access Server Outlook Anywhere Outlook Web Access
Feide Integration Guide. Integrating a service provider with Feide
Feide Integration Guide Integrating a service provider with Feide May 2015 Document History Version Date Initials Comments 1.0 Nov 2009 HV First version of this document 1.1 Dec 2009 HV Updated URLs and
Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services
Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services This document is provided as-is. Information and views expressed in this document, including URL and other
Shibboleth SP Hands-on. Shilen Patel - shilen@duke.edu Rob Carter - rob@duke.edu Gonzalo Guzman - gonz@mcnc.org
Shibboleth SP Hands-on Shilen Patel - shilen@duke.edu Rob Carter - rob@duke.edu Gonzalo Guzman - gonz@mcnc.org Credits and Acknowledgements 2 These slides were created by Lukas Hämmerle and Chad La Joie
Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training
Federated Identity Management Willem Elbers (MPI-TLA) EUDAT training Date: 26 June 2012 Outline FIM and introduction to components Federation and metadata National Identity federations and inter federations
SAML single sign-on configuration overview
Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies
OIOSAML 2.0 Toolkits Test results May 2009
OIOSAML 2.0 Toolkits Test results May 2009 5. September 2008 - Søren Peter Nielsen: - Lifted and modified from http://docs.google.com/a/nemsso.info/doc?docid=dfxj3xww_7d9xdf7gz&hl=en by Joakim Recht 12.
CentraSite SSO with Trusted Reverse Proxy
CentraSite SSO with Trusted Reverse Proxy Introduction Single-sign-on (SSO) via reverse proxy is the preferred SSO method for CentraSite. Due to its flexibility the reverse proxy approach allows to apply
SAML Authentication within Secret Server
SAML Authentication within Secret Server Secret Server allows the use of SAML Identity Provider (IdP) authentication instead of the normal authentication process for single sign-on (SSO). To do this, Secret
The EUMETSAT EO Portal User Management Concept
The EUMETSAT EO Portal User Management Concept Second Workshop on the use of GIS/OGC standards in meteorology Météo-France International Conference Center 42 avenue Gaspard Coriolis, Toulouse, France 23.-25.
Shibboleth Configuration in Tübingen
Shibboleth Configuration in Tübingen Thomas Zastrow Yana Panchenko The university Tübingen is member of the DFN AAI The computing center in Tübingen runs a centralized IDP for the whole university In the
Scrum Kandidatprojekt datateknik - TDDD83
14-23- 1 Agenda Scrum Kandidatprojekt datateknik - TDDD83 Vad är scrum? Hur fungerar det? Hur ska scrum användas i kursen? Aseel Berglund IDA Agile Approaches - Agile Alliance Lightweight approaches to
Readme10_054.doc page 1 of 7
Readme10_054.doc page 1 of 7 Date of production: 2007-12-03 News in 10_054 Hardware 1) New thyristor module DASD 145, 600 V - 500 A 2) Improved speed control with incremental encoder at very low speed
Achieve Single Sign-on (SSO) for Microsoft ADFS
DEPLOYMENT GUIDE Achieve Single Sign-on (SSO) for Microsoft ADFS Leverage A10 Thunder ADC Application Access Manager (AAM) Table of Contents Overview...3 SAML Overview...3 Integration Topology...4 Deployment
mod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net
mod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net The login hell Solutions use client certificates and OCSP and get killed by end users?
Lets get a federated identity. Intro to Federated Identity. Feide OpenIdP. Enter your email address. Do you have access to your email?
Lets get a feated identity Intro to Feated Identity EuroCAMP Training for APAN32 This work is licensed un a Creative Commons Attribution ShareAlike 3.0 Unported License. Do you have access to your email?
This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML
Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview...
Securing Splunk with Single Sign On & SAML
Copyright 2015 Splunk Inc. Securing Splunk with Single Sign On & SAML Nachiket Mistry Sr. So=ware Engineer, Splunk Rama Gopalan Sr. So=ware Engineer, Splunk Disclaimer During the course of this presentajon,
Computer Services Documentation
Computer Services Documentation Shibboleth Documentation {Shibboleth & Google Apps Integration} John Paul Szkudlapski June 2010 Note: These case studies, prepared by member organisations of the UK federation,
Feide Integration Guide. Technical Requisites
Feide Integration Guide Technical Requisites Document History Version Date Author Comments 1.1 Apr 2015 Jaime Pérez Allow the use of the HTTP-POST binding. 1.0 Oct 2014 Jaime Pérez First version of this
Running Multiple Shibboleth IdP Instances on a Single Host
CESNET Technical Report 6/2013 Running Multiple Shibboleth IdP Instances on a Single Host IVAN NOVAKOV Received 10.12.2013 Abstract The article describes a way how multiple Shibboleth IdP instances may
Repetition inför tentan. Kommunikation. Infrastruktur. ÖP 13-17 Inga hjälpmedel. v v v
Repetition inför tentan v v v ÖP 13-17 Inga hjälpmedel Kommunikation Infrastruktur 1 Skalbarhet När det inte går bra Organisation 2 Illvilja Repetition inför tentan Tentan hur kommer den att bli? 13-17
AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation
AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation Microsoft Corporation Published: October 2010 Version: 1.0 Author: Dave Martinez, Principal, Martinez & Associates
Tips & Tricks med SAS Visual Analytics Carl-Olow Magnusson, Nordic VA Spearhead
Tips & Tricks med SAS Visual Analytics Carl-Olow Magnusson, Nordic VA Spearhead Copyright 2015, SAS Institute Inc. All rights reserved. 27:e Mars 2012 VA Copyright 2015, SAS Institute Inc. All rights reserved.
U S E R D O C U M E N TA T I O N ( A L E P H I N O
U S E R D O C U M E N TA T I O N ( A L E P H I N O 5. 0 ) Single-Sign-On Alephino Version 5.0 1/9 last updated: 17/09/2014 Table of contents 1 Mode of operation...3 2 Configuration examples with the Apache
Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de
Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford
Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x
Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies
SWAMID Identity Assurance Level 1 Profile
SWAMID Identity Assurance Level 1 Profile SWAMID Identity Assurance Level SWAMID Identity Assurance Level 1 Profile är SWAMIDs nya obligatoriska basprofil SWAMID BoT har beslutat att SWAMID AL1 ersätter
Microsoft SQL Server 2012: Designing Buisness Intelligence Solutions
Microsoft SQL Server 2012: Designing Buisness Intelligence s Längd: 5 Days Kurskod: M20467 Version: A Sammanfattning: Denna 5-dagarskurs lär dig hur du designar och implementerar en BI-Infrastruktur. Kursen
Разработка программного обеспечения промежуточного слоя. TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet
Разработка программного обеспечения промежуточного слоя TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet Contents - SURFnet Middleware Services department: - eduroam, SURFfederatie,
Perceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
Administering mod_jk. To Enable mod_jk
The value of each redirect_n property has two components which can be specified in any order: The first component, from, specifies the prefix of the requested URI to match. The second component, url-prefix,
Egnyte Single Sign-On (SSO) Installation for OneLogin
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
Providing Identification Services to External Entities using SAML NIKLAS MÖRNESTEN
Providing Identification Services to External Entities using SAML NIKLAS MÖRNESTEN Master of Science Thesis Stockholm, Sweden 2011 Providing Identification Services to External Entities using SAML NIKLAS
Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
SAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
Marknadsföring som en del av intäktsprocessen.
Marknadsföring som en del av intäktsprocessen. Jonas Ander Mathias Jonsson Agenda: Nya köpbeteenden förändrar marknadsorganisationen Buzzword Bingo: MA, Content, Social, Inbound, Outbound, Predictive
HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany
HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany Goal Show the differences of two alternative federated user management specifications
Tanden Care Provider Interfaces PreAssessmentSTB v3
Tanden Care Provider Interfaces Integrationskrav ICC 2 (21) Table of contents 1 INTRODUCTION... 3 2 INTEGRATIONS... 4 3 INTEGRATION 1... 6 3.1 PREASSESSMENTSTB REQUEST... 6 3.1.1 Message and translation...
Shibboleth SP Simple Installation Guide For Windows and IIS
Division of IT Shibboleth SP Simple Installation Guide For University of Missouri October 1. Background 1.1. What is a Service Provider? To put it simply, a service provider is the website you are trying
Feide Technical Guide. Technical details for integrating a service into Feide
Feide Technical Guide Technical details for integrating a service into Feide May 2015 Document History Version Date Initials Comments 1.0 Nov 2009 TG First issue 1.2 Nov 2009 TG Added SLO description 1.3
Identity Federation For Authenticating and Authorizing Researchers
Identity Federation For Authenticating and Authorizing Researchers Cletus Okolie NOC Manager Eko-Konnect Research and Education Initiative Outline What are IdFs? IdF components Software Packages for IdF
What Is the Productivity Gain in Machine Translation of Subtitles?
What Is the Productivity Gain in Machine Translation of Subtitles? Martin Volk University of Zurich, Switzerland Mark Fishel TextShuttle, Switzerland Lindsay Bywood VSI and Imperial College, UK Yota Georgakopoulou
Design Suggestions for Danske Bank SE
2013 10 14 Version 1.0 Instigated and approved by: Compiled by: Karin Haskå (KHAS) Ian Baden (IAB) Jim Persson (JIMP) Design Suggestions for Danske Bank SE Collected design suggestions from the swedish
Intro to Federated Identity
Intro to Federated Identity EuroCAMP Training This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. 1 Lets get a federated identity Do you have access to your email?
IAM Application Integration Guide
IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document
SAML v2.0 for.net Developer Guide
SAML v2.0 for.net Developer Guide Copyright ComponentSpace Pty Ltd 2004-2015. All rights reserved. www.componentspace.com Contents 1 Introduction... 1 1.1 Features... 1 1.2 Benefits... 1 1.3 Prerequisites...
IAM, Enterprise Directories and Shibboleth (oh my!)
IAM, Enterprise Directories and Shibboleth (oh my!) Gary Windham Senior Enterprise Systems Architect University Information Technology Services windhamg@email.arizona.edu What is IAM? Identity and Access
Install a Shibboleth v3 IdP on Ubuntu Linux (version 14.04 LTS)
Install a Shibboleth v3 IdP on Ubuntu Linux (version 14.04 LTS) Author : Pascal Panneels, Belnet - R&E Federation Versions : - 1.0 (27/10/2015) : initial release, format and content inspired by : o Tuakiri
AGENDA WINDOWS PRESENTATION FOUNDATION LEKTION 4. Statusbar Hyperlänkar WebBrowser TabControl Ribbon ListBox Data Template Resource Dictionary Style
WINDOWS PRESENTATION FOUNDATION LEKTION 4 Mahmud Al Hakim mahmud@alhakim.se www.alhakim.se COPYRIGHT 2015 MAHMUD AL HAKIM WWW.WEBACADEMY.SE 1 AGENDA Statusbar Hyperlänkar WebBrowser TabControl Ribbon ListBox
KINAR13h, KINLO13h. The marking period is, for the most part, 15 working days, otherwise it s the following date:
Materialplanering och Styrning 7.5 ECTS Ladokcode: The exam is given to: 41I29M KININ13h, KININ13h1, KINAF13h-pgrp3, KINAF13h-pgrp4, KINAR13h, KINLO13h ExamCode: Date of exam: 2016-01-12 Time: 14:00 18:00
Authentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
Using simplesamlphp as an identity provider
Andreas Åkre Solberg Table of Contents Thu Jun 19 08:20:30 2008 simplesamlphp documentation... 1 Enabling the Identity Provider functionality... 1 Authentication modules...
Unified Access for Enterprise Users
Unified Access for Enterprise Users Informational webinar Chinmay Meghani Liferay Portal Specialist Fulcrum Worldwide, Inc. Mehria Askaryar Business Development Manager Fulcrum Worldwide, Inc. Agenda Introduction
InTime API - Exempel kod
InTime API - Exempel kod Exempel kod för att anropa Intime HTTP API. Översikt funktioner C# Meddelanden PHP Meddelanden 1 C# - Meddelanden En generell klass för att anropa Intime API som används i samtliga
QualysGuard SAML 2.0 Single Sign-On. Technical Brief
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
SAS Data Integration SAS Business Intelligence
Kursöversikt 2010 SAS Education Providing knowledge through global training and certification SAS Data Integration SAS Business Intelligence Specialkurser SAS Forum 2010 Kontaktinformation Stora Frösunda
IBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
WINDOWS PRESENTATION FOUNDATION LEKTION 3
WINDOWS PRESENTATION FOUNDATION LEKTION 3 Mahmud Al Hakim mahmud@alhakim.se www.alhakim.se COPYRIGHT 2015 MAHMUD AL HAKIM WWW.WEBACADEMY.SE 1 AGENDA Introduktion till Databindning (Data Binding) Element
Kantara egov and SAML2int comparison
Kantara egov and SAML2int comparison 17.8.2010/mikael.linden@csc.fi This document compares the egovernment Implementation profile of SAML 2.0, created by the egovernment WG of Kantara Initiative, and the
How to setup HTTP & HTTPS Load balancer for Mediator
How to setup HTTP & HTTPS Load balancer for Mediator Setting up the Apache HTTP Load Balancer for Mediator This guide would help you to setup mediator product to run via the Apache Load Balancer in HTTP
DEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity
DEPLOYMENT GUIDE SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity Table of Contents SAML Overview...3 Integration Topology...3 Deployment Requirements...4 Configuration Steps...4 Step
Ange om en aktivitet har medfört att en tjänsteresa har utförts med flyg under 2013, och i sådana fall antal gånger.
Institutionen för lingvistik - Survey of travel at SU for 2013 Answer Count: 16 Ange om en aktivitet har medfört att en tjänsteresa har utförts med flyg under 2013, och i sådana fall antal gånger. Specify
Using Shibboleth for Single Sign- On
Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review
Keycloak SAML Client Adapter Reference Guide
Keycloak SAML Client Adapter Reference Guide SAML 2.0 Client Adapters 1.7.0.Final Preface... v 1. Overview... 1 2. General Adapter Config... 3 2.1. SP Element... 4 2.2. SP Keys and Key elements... 5 2.2.1.
Spring Security SAML module
Spring Security SAML module Author: Vladimir Schäfer E-mail: vladimir.schafer@gmail.com Copyright 2009 The package contains the implementation of SAML v2.0 support for Spring Security framework. Following
AA enabling a closed source legacy application
AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven Belgium AA enabling a closed source legacy application Introduction: context association K.U.Leuven Case: AA enabling
About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE
INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by
SSO Plugin. Case study: Integrating with Ping Federate. J System Solutions. http://www.javasystemsolutions.com. Version 4.0
SSO Plugin Case study: Integrating with Ping Federate J System Solutions Version 4.0 JSS SSO Plugin v4.0 Release notes Introduction... 3 Ping Federate Service Provider configuration... 4 Assertion Consumer
AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch
AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch Berne, 13. August 2014 Introduction App by University of St. Gallen Universities
Jag valde att använda Net-EPP_client.php från centralnic för att komma igång.
EPP och PHP Det finns flera olika klienter där ute för att hantera epp. Net_EPP_client.php phpsrs Hanterar bara EPP kommunikationen. Enkel http://labs.centralnic.com/net_epp_client.php Mer komplett Klarar
Deployment Guide Oracle Siebel CRM
Deployment Guide Oracle Siebel CRM DG_ OrSCRM_032013.1 TABLE OF CONTENTS 1 Introduction...4 2 Deployment Topology...4 2.1 Deployment Prerequisites...6 2.2 Siebel CRM Server Roles...7 3 Accessing the AX
PicketLink Federation User Guide 1.0.0
PicketLink Federation User Guide 1.0.0 by Anil Saldhana What this Book Covers... v I. Getting Started... 1 1. Introduction... 3 2. Installation... 5 II. Simple Usage... 7 3. Web Single Sign On (SSO)...
Development allowance and activity grant [Aktivitetsstöd och utvecklingsersättning]
Development allowance and activity grant [Aktivitetsstöd och utvecklingsersättning] If you are participating in a labour market programme, you are eligible for development allowance or an activity grant.
Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth
Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth A Step-by-Step Walkthrough Matthew Berry, AWS Identity and Access Management April 2015 2015, Amazon Web Services, Inc. or its affiliates. All
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
Howto: Create a virtual platform Shibboleth
CAROUX Félicien NEMPONT Maxime Promotion FI-2010 Howto: Create a virtual platform Shibboleth Scientific & IT Project 2009-2010 Supervisor: M. LANDRU Jacques (Telecom Lille 1) M. SAGNIMORTE Thomas (Oxylane)
Spring Security SAML Extension
Reference Documentation 1.0.0.RC2 Vladimír Schäfer Copyright 2009-2013 Vladimír Schäfer Table of Contents I. Getting Started... 1 1. Introduction... 2 1.1. What this manual covers... 2 1.2. When to use
The Vetuma Service of the Finnish Public Administration SAML interface specification Version: 3.5
The Vetuma Service of the Finnish Public Administration SAML interface specification Version: 3.5 Vetuma Authentication and Payment Table of Contents 1. Introduction... 3 2. The General Features of the
PRESS LOOKBOOK KLOCKOR SMYCKEN
PRESS LOOKBOOK KLOCKOR SMYCKEN www.mi-moneda.com Utbytbara mynt Guess Connect - de nya SMARTA klockorna från Guess. Tillverkade i samarbete med Californiabaserade, prisbelönta Martian Watches. Guess
SAML and OAUTH comparison
SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single
Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server Table of Contents Table of Contents Deploying the BIG-IP LTM with Tomcat application servers and Apache web
PRTK. Password Recovery ToolKit EFS (Encrypting File System) http://en.wikipedia.org/wiki/encrypting_file_system
PRTK Password Recovery ToolKit EFS (Encrypting File System) http://en.wikipedia.org/wiki/encrypting_file_system PRTK Overview - Interface Manage Profiles... Dictionary Tools... Right or double click to
HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services
1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
How to: log on to ProjectWise
MANUAL 1 (11) How to: log on to ProjectWise in Trafikverket Version: Cause for update: Date of update: Updated by: 0.1 Creating the document 2013-03-06 Ania-Mee Berg MANUAL 2 (11) Table of contents 1.
Microsoft + SOA = Sant? Joakim Linghall Principal System Engineer SOA and Business Process joakiml@microsoft.com
Microsoft + SOA = Sant? Joakim Linghall Principal System Engineer SOA and Business Process joakiml@microsoft.com Agenda Real World SOA En plattform för SOA ESB SOA Governance Exempel Lite om framtiden
Appendix 1 Technical Requirements
1 av 13 Appendix 1 Technical Requirements Version 2.4.7 Technical requirements for membership in the Skolfederation The Skolfederation has, like many other federation initiatives, the goal to use the following
Tanden Care Provider Interfaces Submit Claim v3
Tanden Care Provider Interfaces Submit Claim v3 Integrationskrav ICC 2 (32) Table of contents 1 2 3 4 5 INTRODUCTION... 3 INTEGRATIONS... 3 INTEGRATION 1... 6 3.1 SUBMITCLAIM REQUEST... 6 3.1.1 Message
Identity Assurance Hub Service SAML 2.0 Profile v1.2a
1 2 3 4 Identity Assurance Hub Service SAML 2.0 Profile v1.2a Identity Assurance Programme, 07 August 2015 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Document identifier: IDAP/HubService/Profiles/SAML Editors: