Trials and (Minor) Tribulations

Size: px
Start display at page:

Download "Trials and (Minor) Tribulations"

Transcription

1 Leif Johansson Trials and (Minor) Tribulations Configuring SAKAI for Shibboleth 1

2 Shibbolizing Sakai... [pffft] How hard could it be? 2

3 Shibboleth Federated identity management Cross-domain auth and authz 3

4 Shibboleth SAML 2.x & 1.x web SSO profile Used in a number of HE federations in-common (.edu) switch-aai (.ch) swamid (.se) dk-aai (.dk) haka (.fi) cru-pilot (.fr) 4

5 Why federate identity? Keep identity management where the customer relation is (eg students at university). Avoid having a separate identity for each service. Avoid identity-lifecycle support requests. 5

6 Why federate access to SAKAI? Build shared service centers for LMS. Allow external users into project sites. University systems and mergers. 6

7 Why use Shibboleth? Its the reference implementation of the SAML 2.0 web SSO profile. Clean interface between application container (aka SP) and application. Very few actual dependencies on Shibboleth itself in the finished product. 7

8 Shibbolizing Apps 101: Delegate authentication to the application container using REMOTE_USER. Use information present in the attributeassertions to create/update the applicationinternal user-model upon each login. 8

9 Shibbolizing Apps 201 Authorization (authz) based on attributeassertions. 9

10 Now then... Shibbolizing SAKAI Seriously, how hard could it be? 10

11 Take 1: Its a UserDirectoryProvider No it isn't (well sortof) Attributes are available through the HttpServletRequest. There is no way to search for federated identities! You could do it this way but it would suck. 11

12 Take 2: Its a UserDirectoryService Nope (sortof) for mostly the same reasons... 12

13 Take 3: Its a login servlet! Sure why not. and a UserDirectoryService too (read on...) 13

14 ShibContainerLogin public class ShibContainerLogin extends ContainerLogin {... private class UserInfo {... public UserInfo(HttpServletRequest req, String eid) { // attributes from req are consumed here! } protected void doget(final HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { } } runas(adminuser,req,new Runnable() { // create a UserInfo to grab attributes from req. // Using the rights of an adminuser create/update // the user info of the user whose EID is in // getuserprincipal (REMOTE_USER) } 14

15 Note well Nothing so far depends on Shibboleth. Any SSO that uses attribute-release through the request would work. runas runas was (almost) pilfered from su-tool completely general should go in separate component 15

16 Not quite done yet... We need a UserDirectoryService anyway Those users have to be stored somewhere! DbUserService is almost ok but... DbUserService assumes a UserDirectoryProvider There is no lookup/search in a federated setting The Answer:... (drumroll) 16

17 PromiscuousDbUserService public abstract class PromiscousDbUserService extends DbUserService { } public String getuserid(string eid) throws UserNotDefinedException { // Yeah sure whatever, I got your user right here! } 17

18 FAQ So anyone can do anything in your SAKAI? No! The ShibContainerLogin.UserInfo implements scopebased usertype assignement. Users not from trusted are of type 'guest'. How can I invite users? Directly using their federated identity as the EID (eg Looks like an adress but isn't! The PromiscuousDbUserService will create fake entries on demand so you can refer to users who haven't logged in. Can I invite using ? Yes but we haven't implemented it fully yet. It would be pretty easy but would depend on the user knowing which adress their IdP sends (whch is often the case). 18

19 Current Status and Credits In production on We're happy to add your federation to the list at the top. Patches against 2.3 (2.4 soon) Most of the work done by Leif Johansson & Klas Lindfors 19

20 Next Steps Documentation Fully support invites Federated CourseManagement eg Internet2 CourseID schema 20

21 Summary Life in a federated world is different! There is no global directory of users. Usernames will contain Information about the user follows the session. Users are unknown until they login (but we can fake it). Our simple approach works well enough. Most of the limitations have workarounds. Paradigm shifts always involve pain. 21

22 Sektionen för IT och media Stockholms universitet Frescati Hagväg Stockholm Tfn:

InCommon Affiliate Webinar Series

InCommon Affiliate Webinar Series InCommon Affiliate Webinar Series Aegis Identity Case Study: Just-in-Time Provisioning and IDP Proxy Management November 19, 2014 CASE STUDY IN JUST-IN-TIME PROVISIONING AND IDP PROXY MANAGEMENT Jim Faut

More information

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,

More information

Software Design Document SAMLv2 IDP Proxying

Software Design Document SAMLv2 IDP Proxying Software Design Document SAMLv2 IDP Proxying Federation Manager 7.5 Version 0.2 Please send comments to: dev@opensso.dev.java.net This document is subject to the following license: COMMON DEVELOPMENT AND

More information

QualysGuard SAML 2.0 Single Sign-On. Technical Brief

QualysGuard SAML 2.0 Single Sign-On. Technical Brief QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

USING ESPRESSO [ESTABLISHING SUGGESTED PRACTICES REGARDING SINGLE SIGN ON] TO STREAMLINE ACCESS

USING ESPRESSO [ESTABLISHING SUGGESTED PRACTICES REGARDING SINGLE SIGN ON] TO STREAMLINE ACCESS USING ESPRESSO [ESTABLISHING SUGGESTED PRACTICES REGARDING SINGLE SIGN ON] TO STREAMLINE ACCESS Andy Ingham (UNC-Chapel Hill) NASIG Annual Conference, June 4, 2011 What I hope to cover Problem statement

More information

Shibboleth User Verification Customer Implementation Guide 2015-03-13 Version 3.5

Shibboleth User Verification Customer Implementation Guide 2015-03-13 Version 3.5 Shibboleth User Verification Customer Implementation Guide 2015-03-13 Version 3.5 TABLE OF CONTENTS Introduction... 1 Purpose and Target Audience... 1 Commonly Used Terms... 1 Overview of Shibboleth User

More information

Enterprise & Vertical Reporting. Challenges and Solutions

Enterprise & Vertical Reporting. Challenges and Solutions Enterprise & Vertical Reporting Challenges and Solutions The Challenge: How do you design a real time data collection system that is scalable for states and districts that is easy to use and extendible

More information

Broadening Iden-ty & Access Management: InCommon Federa-on

Broadening Iden-ty & Access Management: InCommon Federa-on Broadening Iden-ty & Access Management: InCommon Federa-on John Krienke jcwk@internet2.edu 700 InCommon Participants Year-to-Year https://www.incommon.org/participants/ Number of Participants 600 500 400

More information

Authentication Integration

Authentication Integration Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication

More information

Using Shibboleth for Single Sign- On

Using Shibboleth for Single Sign- On Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review

More information

ArpViewer Manual Version 1.0.6 Datum 30.9.2007

ArpViewer Manual Version 1.0.6 Datum 30.9.2007 SWITCHaai ArpViewer Manual Version 1.0.6 Datum 30.9.2007 AAI C.Witzig Content 1. Introduction...3 2. Functional Description...3 3. Description of the Components...3 3.1. Arpfilter...3 3.2. Controller...4

More information

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Paul Riddle University of Maryland Baltimore County EDUCAUSE Mid-Atlantic Regional Conference January 16, 2008 Copyright

More information

Authentication and Single Sign On

Authentication and Single Sign On Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication

More information

White Paper March 1, 2005. Integrating AR System with Single Sign-On (SSO) authentication systems

White Paper March 1, 2005. Integrating AR System with Single Sign-On (SSO) authentication systems White Paper March 1, 2005 Integrating AR System with Single Sign-On (SSO) authentication systems Copyright 2005 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service

More information

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server This blog will explain how to use Microsoft Azure as a Federated Authenticator for WSO2 Identity Server 5.0.0. In this example

More information

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch Berne, 13. August 2014 Introduction App by University of St. Gallen Universities

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies

More information

Logout Support on SP and Application

Logout Support on SP and Application Logout Support on SP and application Logout Support on SP and Application Possibilities and and Limitations SWITCHaai Team aai@switch.ch Single Logout: Is it possible? Single Logout will work only in some

More information

Weblogic as a Service Provider for CERN Web Applications: APEX & Java EE

Weblogic as a Service Provider for CERN Web Applications: APEX & Java EE Luis Rodriguez Fernandez. CERN IT Weblogic as a Service Provider for CERN Web Applications: APEX & Java EE UKOUG 04/12/2013 lurodrig@cern.ch AGENDA About CERN Why SSO? CERN SSO The challenge: integrate

More information

INTRODUCTION TO WEB TECHNOLOGY

INTRODUCTION TO WEB TECHNOLOGY UNIT-I Introduction to Web Technologies: Introduction to web servers like Apache1.1, IIS, XAMPP (Bundle Server), WAMP Server(Bundle Server), handling HTTP Request and Response, installation of above servers

More information

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

External and Federated Identities on the Web

External and Federated Identities on the Web External and Federated Identities on the Web Jan Pazdziora Sr. Principal Software Engineer Identity Management Special Projects, Red Hat 1 st October 2015 Scope and problem statement Applications get deployed

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management Management of digital identity/credentials (username/password) Access

More information

T his feature is add-on service available to Enterprise accounts.

T his feature is add-on service available to Enterprise accounts. SAML Single Sign-On T his feature is add-on service available to Enterprise accounts. Are you already using an Identity Provider (IdP) to manage logins and access to the various systems your users need

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 83 WebEx This chapter includes the following sections: An overview of configuring WebEx for single sign-on Configuring WebEx for SSO Configuring WebEx in Cloud Manager For more information about

More information

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview) Chapter 94 Intacct This section contains the following topics: "An overview of configuring Intacct for single sign-on" on page 94-710 "Configuring Intacct for SSO" on page 94-711 "Configuring Intacct in

More information

Shibboleth N-Tier Support. Chad La Joie chad.lajoie@switch.ch

Shibboleth N-Tier Support. Chad La Joie chad.lajoie@switch.ch Shibboleth N-Tier Support Chad La Joie chad.lajoie@switch.ch Agenda Use Case Terminology Shibboleth Solution Future Effort Resources 2 Use Case Current use case comes from University of Chicago University

More information

Single Sign-On for the UQ Web

Single Sign-On for the UQ Web Single Sign-On for the UQ Web David Gwynne Infrastructure Architect, ITIG, EAIT Taxonomy Authentication - Verification that someone is who they claim to be - ie, only the relevant user

More information

Shibboleth Authentication. Information Systems & Computing Identity and Access Management May 23, 2014

Shibboleth Authentication. Information Systems & Computing Identity and Access Management May 23, 2014 Shibboleth Authentication Information Systems & Computing Identity and Access Management May 23, 2014 For every question an answer: Why should I care about SAML? What is a Shibboleth? What is a Federation?

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated. Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated

More information

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015 Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding

More information

SSO Plugin. HP Service Request Catalog. J System Solutions. http://www.javasystemsolutions.com Version 3.6

SSO Plugin. HP Service Request Catalog. J System Solutions. http://www.javasystemsolutions.com Version 3.6 SSO Plugin HP Service Request Catalog J System Solutions Version 3.6 Page 2 of 7 Introduction... 3 Adobe Flash and NTLM... 3 Enabling the identity federation service... 4 Federation key... 4 Token lifetime...

More information

Alfresco Share SAML. 2. Assert user is an IDP user (solution for the Security concern mentioned in v1.0)

Alfresco Share SAML. 2. Assert user is an IDP user (solution for the Security concern mentioned in v1.0) Alfresco Share SAML Version 1.1 Revisions 1.1 1.1.1 IDP & Alfresco user logs in using saml login page (Added info about saving the username and IDP login date as a solution for the Security concern mentioned

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

An introduction of several development activities related to Shibboleth and Web browser-based simple PKI

An introduction of several development activities related to Shibboleth and Web browser-based simple PKI An introduction of several development activities related to Shibboleth and Web browser-based simple PKI Toyokazu Akiyama 1, Motonori Nakamura 2, Takeshi Nishimura 2, Kazutsuna Yamaji 2, Yukiko Kawai 1

More information

SSO Plugin. Release notes. J System Solutions. http://www.javasystemsolutions.com Version 3.5

SSO Plugin. Release notes. J System Solutions. http://www.javasystemsolutions.com Version 3.5 SSO Plugin Release notes J System Solutions Version 3.5 JSS SSO Plugin v3.5 Release notes What's new...3 SSO Plugin for HP Service Manager & Request Catalog...3 SAP Business Objects XI (BMC Analytics)...3

More information

Creating Java EE Applications and Servlets with IntelliJ IDEA

Creating Java EE Applications and Servlets with IntelliJ IDEA Creating Java EE Applications and Servlets with IntelliJ IDEA In this tutorial you will: 1. Create IntelliJ IDEA project for Java EE application 2. Create Servlet 3. Deploy the application to JBoss server

More information

S P I E Information Environments Shibboleth and Its Integration into Security Architectures. EDUCAUSE & Internet 2 Security Professionals Conference

S P I E Information Environments Shibboleth and Its Integration into Security Architectures. EDUCAUSE & Internet 2 Security Professionals Conference Shibboleth and Its Integration into Security Architectures Christian Fernau, Francisco Pinto University of Oxford EDUCAUSE & Internet 2 Security Professionals Conference Denver, CO 10-12 April 2006 16:47:29

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 190 WebEx This chapter includes the following sections: "An overview of configuring WebEx for single sign-on" on page 190-1600 "Configuring WebEx for SSO" on page 190-1601 "Configuring WebEx in

More information

Active Directory Validation - User Guide

Active Directory Validation - User Guide Composite 2015-12-07 Composite A/S Nygårdsvej 16 DK-2100 Copenhagen Phone +45 3915 7600 www.composite.net Contents 1 INTRODUCTION... 3 1.1 Who Should Read This Guide? 3 1.2 Getting Started 4 2 CREATING

More information

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.

SAP NetWeaver Fiori. For more information, see Creating and enabling a trusted provider for Centrify on page 108-10. Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori

More information

Advanced Configuration Administration Guide

Advanced Configuration Administration Guide Advanced Configuration Administration Guide Active Learning Platform October 2015 Table of Contents Configuring Authentication... 1 PingOne... 1 LMS... 2 Configuring PingOne Authentication... 3 Before

More information

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single

More information

Federated Identity Management Checklist

Federated Identity Management Checklist Federated Identity Management Checklist This document lists the minimum (marked with an *) and recommended policy, process, and technical steps required to implement Federated Identity Management and operate

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Logout in Single Sign-on Systems

Logout in Single Sign-on Systems Logout in Single Sign-on Systems Sanna Suoranta, Asko Tontti, Joonas Ruuskanen, Tuomas Aura IFIP IDMAN, London, UK, 8-9.4.2013 Logout in Single Sign-on Systems Motivation Single sign-on (SSO) systems SSO

More information

Merchant Warehouse Credit Card Integration Gym Assistant 2.0 www.gymassistant.com August 2009

Merchant Warehouse Credit Card Integration Gym Assistant 2.0 www.gymassistant.com August 2009 Merchant Warehouse Credit Card Integration Gym Assistant 2.0 www.gymassistant.com August 2009 System Requirements This implementation requires Gym Assistant v2.0.1 build 230 or higher. To download the

More information

Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de

Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford

More information

Web app AAI Integration How to integrate web applications with AAI in general?

Web app AAI Integration How to integrate web applications with AAI in general? Web app AAI Integration How to integrate web applications with AAI in general? Lukas Hämmerle lukas.haemmerle@switch.ch Zurich, 8. February 2009 6 Goal of this presentation 1. List the general requirements

More information

Configuring Parature Self-Service Portal

Configuring Parature Self-Service Portal Configuring Parature Self-Service Portal Chapter 2 The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature

More information

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014 Introduction to Identity and Access Management for the engineers Radovan Semančík April 2014 How it works now? Manager Admin Login Users Login Admin Login Login Login Theory Manager Admin Forgot password

More information

INF3510 Information Security University of Oslo Spring 2012. Lecture 8 Identity and Access Management. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2012. Lecture 8 Identity and Access Management. Audun Jøsang INF3510 Information Security University of Oslo Spring 2012 Lecture 8 Identity and Access Management Audun Jøsang Outline Identity and access management concepts Identity management models Access control

More information

FAQs. OneDrive for Business?

FAQs. OneDrive for Business? Contents FAQs... 1 From a Web Browser (for PCs and mobile devices)... 1 From the OneDrive for Business Sync Application (for PCs only)... 2 From Office 2013 (for PCs only)... 3 From the OneDrive for Business

More information

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other. w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to

More information

Integrating OID/SSO with E- Business Suite and Third-Party SSO Solutions. Presented by Paul Jackson (Norman Leach)

Integrating OID/SSO with E- Business Suite and Third-Party SSO Solutions. Presented by Paul Jackson (Norman Leach) Integrating OID/SSO with E- Business Suite and Third-Party SSO Solutions Presented by Paul Jackson (Norman Leach) Agenda Why SSO Install Options Log Locations EBS Cloning Considerations Disaster Recovery

More information

How to configure your Desktop Computer and Mobile Devices post migrating to Microsoft Office 365

How to configure your Desktop Computer and Mobile Devices post migrating to Microsoft Office 365 How to configure your Desktop Computer and Mobile Devices post migrating to Microsoft Office 365 1 Contents Purpose... 3 Office 365 Mail Connections... 3 Finding IMAP server... 3 Desktop computers... 4

More information

Using YSU Password Self-Service

Using YSU Password Self-Service Using YSU Password Self-Service Using YSU Password Self-Service Password Self-Service Web Interface Required Items: YSU (MyYSU) Directory account, Web browser This guide will assist you with using the

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Developing Applications for SSO

Developing Applications for SSO Developing Applications for SSO Justen Stepka Authentisoft, LLC www.authentisoft.com Overview Introduction What is SSO Designing and Implementing for SSO environments Available Solutions Introduction Justen

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

This manual will illustrate how to integrate your WordPress Blog or website with the Docebo Learning Management System.

This manual will illustrate how to integrate your WordPress Blog or website with the Docebo Learning Management System. This manual will illustrate how to integrate your WordPress Blog or website with the Docebo Learning Management System. Direct Log in: The Docebo LMS offers a login box that can be added to you WordPress

More information

Nebraska ESUCC InCommon K-12 Pilot Summary

Nebraska ESUCC InCommon K-12 Pilot Summary Nebraska ESUCC InCommon K-12 Pilot Summary September 14, 2015 Overview Our experience with the Quilt Internet2 InCommon Federation s K 12 pilot program has been incredibly valuable for the knowledge our

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

SchoolBooking SSO Integration Guide

SchoolBooking SSO Integration Guide SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,

More information

Egnyte Single Sign-On (SSO) Installation for Okta

Egnyte Single Sign-On (SSO) Installation for Okta w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for Okta To set up Egnyte so employees can log in using SSO, follow the steps below to configure Okta and Egnyte to work with each other.

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES 1. Federation Participant Information 1.1 The InCommon Participant Operational Practices information below is for: InCommon Participant organization

More information

FAQs. OneDrive for Business?

FAQs. OneDrive for Business? Contents FAQs... 1 From a Web Browser (for PCs and mobile devices)... 1 From the OneDrive for Business Sync Application (for PCs only)... 2 From Office 2013 (for PCs only)... 3 From the OneDrive for Business

More information

Restoring Sage Data Sage 200

Restoring Sage Data Sage 200 Restoring Sage Data Sage 200 [SQL 2005] This document explains how to Restore backed up Sage data. Before you start Restoring data please make sure that everyone is out of Sage 200. To be able to restore

More information

Federated Wikis Andreas Åkre Solberg andreas@uninett.no

Federated Wikis Andreas Åkre Solberg andreas@uninett.no Federated Wikis Andreas Åkre Solberg andreas@uninett.no Wikis in the beginning...in the beginning wikis were wide open. Great! - But then the spammers arrived. Password protected wikis Create yet another

More information

Integrating Multi-Factor Authentication into Your Campus Identity Management System

Integrating Multi-Factor Authentication into Your Campus Identity Management System Integrating Multi-Factor Authentication into Your Campus Identity Management System Mike Grady, Unicon David Walker, Internet2 (both associated with the Internet2 Scalable Privacy Project) Agenda Multi-Context

More information

Introduction to Open Atrium s workflow

Introduction to Open Atrium s workflow Okay welcome everybody! Thanks for attending the webinar today, my name is Mike Potter and we're going to be doing a demonstration today of some really exciting new features in open atrium 2 for handling

More information

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER UMANTIS CLOUD SSO CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER THIS DOCUMENT DESCRIBES THE REQUIREMENTS TO SETUP A SINGLE SIGN ON (SSO) CONFIGURATION ON UMANTIS CLOUD BASED SOLUTIONS

More information

Federated Identity & Access Mgmt for Higher Education

Federated Identity & Access Mgmt for Higher Education Federated Identity & Access Mgmt for Higher Education Dr. Erik Vullings Program Manager Macquarie University s s E-Learning E Centre of Excellence (MELCOE) Erik.Vullings@melcoe.mq.edu.au 1/23/2006 1 Backing

More information

ShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie

ShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie ShibboLEAP Project Final Report: School of Oriental and African Studies (SOAS) Colin Rennie May 2006 Shibboleth Implementation at SOAS Table of Contents Introduction What this document contains Who writes

More information

Dell Compellent Storage Center

Dell Compellent Storage Center Dell Compellent Storage Center Active Directory Integration Best Practices Guide Dell Compellent Technical Solutions Group January, 2013 THIS BEST PRACTICES GUIDE IS FOR INFORMATIONAL PURPOSES ONLY, AND

More information

Sharepoint server SSO

Sharepoint server SSO Configuring g on-premise Sharepoint server SSO Chapter 99 You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview

More information

Here are the steps to configure Outlook Express for use with Salmar's Zimbra server. Select "Tools" and then "Accounts from the pull down menu.

Here are the steps to configure Outlook Express for use with Salmar's Zimbra server. Select Tools and then Accounts from the pull down menu. Salmar Consulting Inc. Setting up Outlook Express to use Zimbra Marcel Gagné, February 2010 Here are the steps to configure Outlook Express for use with Salmar's Zimbra server. Open Outlook Express. Select

More information

Managing Data on the World Wide-Web

Managing Data on the World Wide-Web Managing Data on the World Wide-Web Sessions, Listeners, Filters, Shopping Cart Elad Kravi 1 Web Applications In the Java EE platform, web components provide the dynamic extension capabilities for a web

More information

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer

More information

Email Setup Guide. network support pc repairs web design graphic design Internet services spam filtering hosting sales programming

Email Setup Guide. network support pc repairs web design graphic design Internet services spam filtering hosting sales programming Email Setup Guide 1. Entourage 2008 Page 2 2. ios / iphone Page 5 3. Outlook 2013 Page 10 4. Outlook 2007 Page 17 5. Windows Live Mail a. New Account Setup Page 21 b. Change Existing Account Page 25 Entourage

More information

CAS s IDP system and resources in Education Cloud

CAS s IDP system and resources in Education Cloud CAS s IDP system and resources in Education Cloud DAREN ZHA CANS2015, Chengdu Outline CAS s IDP system and Education Cloud introduction Problems of interoperation A interoperation plan CAS s Education

More information

SAML Single-Sign-On (SSO)

SAML Single-Sign-On (SSO) C O L A B O R A T I V E I N N O V A T I O N M A N A G E M E N T Complete Feature Guide SAML Single-Sign-On (SSO) 1. Features This feature allows administrators to setup Single Sign-on (SSO) integration

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Majordomo List Owners guide

Majordomo List Owners guide Majordomo List Owners guide Managing a Local Mailing List A brief explanation of how to setup, operate and configure a majordomo mailing list. 1. Introduction 2. Starting up a list 3. Using MajorCool 4.

More information

Enabling SAML for Dynamic Identity Federation Management

Enabling SAML for Dynamic Identity Federation Management Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009

More information

SD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier

SD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier ש בולת SD Departmental Meeting November 28 th, 2006 Ale de Vries Product Manager ScienceDirect Elsevier Shi... whát? : Shibboleth ש בולת [...] "stream, torrent". It derives from a story in the Hebrew Bible,

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

WebNow Single Sign-On Solutions

WebNow Single Sign-On Solutions WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,

More information

SAML Federated Identity at OASIS

SAML Federated Identity at OASIS International Telecommunication Union SAML Federated Identity at OASIS Hal Lockhart BEA Systems Geneva, 5 December 2006 SAML and the OASIS SSTC o SAML: Security Assertion Markup Language A framework for

More information

Guidelines for Installing SQL Server and Client (SQL Server Management Studio)

Guidelines for Installing SQL Server and Client (SQL Server Management Studio) Guidelines for Installing SQL Server and Client (SQL Server Management Studio) Installing process is pretty straightforward. Any Express version would be ok with writing SQL part of the course, but Stored

More information

2. Follow the installation directions and install the server on ccc

2. Follow the installation directions and install the server on ccc Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light weight web server is Apache Tomcat server. You can get the server from http://tomcat.apache.org/ 2. Follow

More information

IDP Installer Overview

IDP Installer Overview IDP Installer Overview Facilitating access to the CAF ecosystem Wendy Petersen November 2013 CANARIE Ottawa Outline CAF services overview Eduroam infrastructure Shibboleth infrastructure Deployment challenges

More information

OneLogin Integration User Guide

OneLogin Integration User Guide OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...

More information