1 Federated Identity Management and Shibboleth
Noreen Hogan, Asst. Director, Enterprise Admin. Applications
2 Federated Identity Management
- Management of digital identity/credentials (username/password)
- Access management policies and procedures
- Authentication/SSO
- Scaled to provide interactions between an association of organizations
3 InCommon Federation
- Higher Ed Federation (200+ HE members)
- Common attributes, practices, policies for information exchange
- UO joined in February 2010
- Identity Providers, Service Providers
- Participant Operating Practices (POP)
  - Documents your organization's IdM practices
- Identity Assurance Program
  - Bronze and Silver Identity Assurance Profiles
4 Standards & Recommendations
- Security Assertion Markup Language (SAML)
  - XML-based open standard for communicating authentication, entitlement, and attribute information
- eduPerson Object Class
  - Common attribute definitions
- Discovery Service
  - To select your Identity Provider for service access
- uApprove
  - Allows user to view and approve release of attribute data (developed by SWITCHaai)
5 Current Federated UO IdM
- Duck ID based access to
  - EDUCAUSE
  - Internet2 wiki
  - Qualtrics
- Service Providers on campus that are allowing federated access to UO resources?
- Wireless access
  - PSU, OSU, UO
  - Not taking advantage of InCommon federation, but a type of federated access
6 Shibboleth
- Standards-based, open source federated single sign-on and attribute exchange software developed by Internet2
- Uses SAML V2.0
- Web single sign-on
- Attribute delivery for authorization decisions and/or application customization
- Recommended and supported by InCommon
7 Shibboleth Advantages
- SSO functionality
  - No need to manage usernames and passwords locally
  - Things to be aware of
    - Session management
    - No central logout, must close browser
- Attribute delivery
  - Don't need to store or manage data locally
  - Common attribute definitions
8 Shibboleth Components
- Service Provider (SP)
  - Managed by application owner
  - Daemon and loadable module for web server
  - Apache, IIS, iPlanet, FastCGI
- Identity Provider (IdP)
  - Managed by IS - Leverages Identity Management System
  - Provides authentication, attribute data
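An added example (not from the slides) of "attribute delivery for authorization decisions": an application behind the SP module deciding access from the attributes the SP exposes to it. The variable names eppn and affiliation follow the SP's stock attribute map and Shib-Identity-Provider is the SP's session variable; a site's mapping may differ, and the entityID, scope and allowed affiliations are constructed. It goes slightly beyond the slide by also checking which IdP made the assertion.

```python
# Added example: authorization from attributes a Shibboleth SP hands to the app.
# Assumed names: eppn / affiliation (stock attribute map), Shib-Identity-Provider.
# Read them as SP-set request variables, not as HTTP_* headers a client can send.
import re

# Constructed allowlist: IdP entityID -> the scope that IdP may assert.
TRUSTED_IDPS = {"https://idp.example.edu/idp/shibboleth": "example.edu"}
ALLOWED_AFFILIATIONS = {"staff", "faculty"}


def split_values(raw):
    """Split a multi-valued attribute: ';' separates values, '\\;' is a literal ';'."""
    parts = re.split(r"(?<!\\);", raw or "")
    return [p.replace("\\;", ";") for p in parts if p]


def authorize(environ):
    """Return (allowed, reason) for one request environment (e.g. WSGI environ)."""
    scope = TRUSTED_IDPS.get(environ.get("Shib-Identity-Provider"))
    if scope is None:
        return False, "unknown or missing IdP"
    eppn = environ.get("eppn", "")
    if eppn.count("@") != 1 or not eppn.endswith("@" + scope):
        return False, "eppn scope does not match IdP"
    # eduPersonScopedAffiliation values look like "staff@example.edu".
    for value in split_values(environ.get("affiliation")):
        name, _, value_scope = value.partition("@")
        if value_scope == scope and name in ALLOWED_AFFILIATIONS:
            return True, "affiliation " + value
    return False, "no qualifying affiliation"


if __name__ == "__main__":
    # Constructed request environment.
    print(authorize({
        "Shib-Identity-Provider": "https://idp.example.edu/idp/shibboleth",
        "eppn": "jdoe@example.edu",
        "affiliation": "member@example.edu;staff@example.edu",
    }))
```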
9 Shibboleth Demos
10 Getting Started with Shibboleth
1. Install Service Provider software
2. Obtain SSL certificate for the site
3. Send request to
4. If you require attributes not included in the default set, fill out the Shibboleth Attribute Request form.
5. Make sure SP Metadata is available to IdP
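A pre-flight check for step 5, as an added example that is not part of the original slides: before SP metadata is handed to the IdP, confirm it names an entityID, advertises SAML 2.0, carries a certificate, and lists only HTTPS assertion consumer endpoints. The sample metadata, entityID and host name are constructed, and the input is assumed to be a single EntityDescriptor.

```python
# Added example: sanity-check SP metadata before giving it to the IdP.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample; the ACS endpoint is deliberately plain http.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://app.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://app.example.edu/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text):
    """Return a list of problems found in one SP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    problems = []
    if not root.get("entityID"):
        problems.append("missing entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor"]
    if SAML2 not in sp.get("protocolSupportEnumeration", "").split():
        problems.append("SAML 2.0 protocol not advertised")
    certs = sp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no X509Certificate in KeyDescriptor")
    endpoints = sp.findall("md:AssertionConsumerService", NS)
    if not endpoints:
        problems.append("no AssertionConsumerService")
    for endpoint in endpoints:
        location = endpoint.get("Location", "")
        if not location.startswith("https://"):
            problems.append("ACS not https: " + location)
    return problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE))
```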
12 Challenges/Moving Forward
- Persistent Identifiers
  - UO currently reassigns usernames
  - Length restrictions, currently 3-8 characters
  - Vanity addresses (aliases)
- Remote vetting
  - How to prove identity?
- Levels of Assurance (LOA)
- CAS, Shib, and AD?
13 Other Federated IdM
- Consumer Apps/Federated IdM
  - Social IDs and Open IDs
  - Facebook, Google, Yahoo
  - Level of assurance for information from these IdPs?
  - OK for low risk services?
  - IAM Online April 13, see InCommon web site
- Work in other countries
  - Switzerland - SWITCHaai
  - UK Access Management Federation
  - SURFnet - Netherlands
  - Many others
14 Resources
- UO IdM site - it.uoregon.edu/idm
- InCommon
- Internet2 Middleware Initiative
- EDUCAUSE IAM Working Group
- Organization for the Advancement of Structured Information Standards (OASIS)