Shibboleth Configuration in Tübingen
|
|
- Clinton Harrington
- 8 years ago
- Views:
Transcription
1 Shibboleth Configuration in Tübingen Thomas Zastrow Yana Panchenko
2 The university Tübingen is member of the DFN AAI The computing center in Tübingen runs a centralized IDP for the whole university In the SfS, a Shibboleth service provider was installed: still hosts the old D-SPIN homepage 2
3 Two servers are running the main services for CLARIN D: Weblicht.sfs... Apache HTTPD + Shibboleth Proxy Tomcat WebLicht TCF Visualizer DCA Proxy amber.sfs... Tomcat Webservices Databases Resources SOAP Gateway... 3
4 Requirements for a SP Certificates from the DFN-AAI, integrated into OpenSSL BEGIN CERTIFICATE MIIFpzCCBI+gAwIBAgIED+vXfzANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJE RTEfMB0GA1UEChMWVW5pdmVyc2l0YWV0IFR1ZWJpbmdlbjEcMBoGA1UEAxMTR2xv YmFsLVVOSVRVRS1DQSAwMTEpMCcGCSqGSIb3DQEJARYadW5pdHVlLWNhQHVuaS10 dwviaw5nzw4uzguwhhcnmtawnde5mtmynja3whcnmtuwnde4mtmynja3wjcbyzel MAkGA1UEBhMCREUxHzAdBgNVBAoTFlVuaXZlcnNpdGFldCBUdWViaW5nZW4xKDAm BgNVBAsTH1NlbWluYXIgZnVlciBTcHJhY2h3aXNzZW5zY2hhZnQxDjAMBgNVBAsT BURTUElOMREwDwYDVQQLEwhXZWJMaWNodDEmMCQGA1UEAxMdd2VibGljaHQuc2Zz LnVuaS10dWViaW5nZW4uZGUxJjAkBgkqhkiG9w0BCQEWF2VoQHNmcy51bmktdHVl YmluZ2VuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJJ+lISL licghmdtc5ekdkspkziefgf6u0i2yt+u/bx37xl4yovmmxjxrlqm4oevne67n8k8 4qe06B8xErFh3KqgC5Q5keUlQmXJu4wvABnk9AuxlwJKuGXI3PetBYdid10A7Iu 3Ki0s3j7+7yYTG6xXJt4qrE7rV/v79zBQcoKOwu1AMdfV9q8GRShEXCQ82P4IITT Q4z513p1e0mscDdBIunH6aThNCJA9rUBwEVX90HX5KHaOPSksHISylhjl/++XJFy /0wBpiZ4+7pN2S/go9J8A153NZSPhF2M5deyWgjT/K2LSudLnegIlRFTq1Kv89eE bf/zahunvakbqqidaqabo4ib5dccaeawcqydvr0tbaiwadalbgnvhq8ebamcbeaw HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBRmWkIAb3Vr zkttelxvwsx4nngcudafbgnvhsmegdawgbswwbtonx/i1kgcgngv4pxbnm3dqdai BgNVHREEGzAZgRdlaEBzZnMudW5pLXR1ZWJpbmdlbi5kZTCBkwYDVR0fBIGLMIGI MEKgQKA+hjxodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2NsYXNzaWMtdW5pdHVlLWNh L3B1Yi9jcmwvZ19jYWNybC5jcmwwQqBAoD6GPGh0dHA6Ly9jZHAyLnBjYS5kZm4u ZGUvY2xhc3NpYy11bml0dWUtY2EvcHViL2NybC9nX2NhY3JsLmNybDCBrAYIKwYB BQUHAQEEgZ8wgZwwTAYIKwYBBQUHMAKGQGh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUv Y2xhc3NpYy11bml0dWUtY2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQwTAYIKwYB BQUHMAKGQGh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvY2xhc3NpYy11bml0dWUtY2Ev chvil2nhy2vydc9nx2nhy2vydc5jcnqwdqyjkozihvcnaqefbqadggebagxjyoka uuwufzvszzutqnicslwwhmrb6g63crkbgbmsngfwiyhrizcjtpytdabj1lg2pryj YpbhHR4892JIAm1IkyR4sJvAKXgnzNHtTy1ZTmlP7BjekPb6pcSRWAra84A+bOWY +Q3KRITfEcUfsFw/PWYO8qwDurTWGBK3ReWkwLJ9y89XZDXQZt4A9RQnnBvnC7RU klkamxrv27neeug8eh0tufxsthulbclnnnhaat1c8m2awjwcwshg5ctr99musjtc NGifdwt0qWax50ASplgOtT/GZAw2E7HEEgbDA+6JcKpVlh+UMnk2JN+nkkKUjgnD wn2yhswhnnmiigy= END CERTIFICATE 4
5 5
6 Tübingen Software Environment Shibboleth Version 2.x Apache 2: mod_ssl, shib2 enabled DFN tutorial: 6
7 Configuration Virtual host in Apache (SSL): <Directory /var/www/login_s/> AuthType shibboleth ShibRequireSession On Require valid-user </Directory> -> Shibboleth configuration: /etc/shibboleth/shibboleth2.xml 7
8 hfps://weblicht.sfs.uni tuebingen.de/login_s/ 8
9 Local Authentification In addition to the Shibboleth login, there is another login way which makes use of the local Apache user management Its necessary because many CLARIN users don't have an account in the CLARIN identity federation 9
10 PHP: Display all server based variables <? $ = $_SERVER["eppn"]; echo "Wer bin ich: $ "; echo '<table border="1">'; foreach($_server as $k => $v) { echo '<tr><td>'.$k.'</td><td>'.$v.'</td></tr>'; } echo '</table>';?> 10
11 SAML Tracer SAML Tracer is an addon for Firefox: addons.mozilla.org/en- US/firefox/addon/samltracer/ 11
12 Conclusion The computing center in Tübingen was very helpful Also the people from the DFN AAI join the mailing lists! 12
13 Conclusion Attributes: it is not sure which attributes a SP gets from the IDPs Next step: secure web services and delegation 13
14 Delegated Authentication with Shibboleth Delegated authentication model among SAML-enabled services since Shibboleth v2.1.3: uses SAML2.0 Enhanced Client profile (ECP) for delegation multi-tier delegation possible 14
15 Use case for WebLicht: App1, WS2, WS3, WS4 are all protected with Shibboleth within Clarin federation App1 - WebLicht web application for chaining NLP tools WS2 - tokenizer from Uni 2 WS3 - tagger from Uni 3 WS4 - resources from Uni 4 used by WS3 for tagging 15
16 User App1 WS2 WS3 WS4 recognize both the original client App1/WS3 and the subject (user) and the fact that "delegate" client is accessing it on behalf of that subject as a result know that the user is signed-in and know the user identity can control or limit access of the user based on the user (and optionally the client) identity can apply internal authorization based on the user identity 16
17 Complications: Shibboleth above v2.1.3 is required requires additional relatively complicated configuration for all the participating parties: for IdP, for SPs that can delegate, for SPs that accept delegation not possible to specify that delegation from all SPs to all SPs is allowed I.e. each web service should know and specify in advance which other web service it can access, and by which other web service it can be accessed 17
18 What is possible with Shibboleth at the moment: Other restrictions / licenses Academic Community Free 18
19 Shibboleth & Tomcat There are some third-partie libraries which allow to integrate Shibboleth directly into Tomcat But: They are not official, there could be problems with versions, security etc. Solution: use an Apache HTTPD for the Shibboleth functionality and put Tomcat behind it, accessing Tomcat via mod_proxy_ajp 19
20 Apache HTTPD runs on port 443 with SSL: Tomcat runs on localhost on port 8080 (or another one): With the proxy: 20
21 <Location "/soapgate/"> Order Allow,Deny Allow from All ProxyPassReverse soapgate </Location> ajp://amber.sfs.uni-tuebingen.de:8009/ ProxyPass /soapgate ajp://amber.sfs.uni-tuebingen.de:8009/ soapgate 21
Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training
Federated Identity Management Willem Elbers (MPI-TLA) EUDAT training Date: 26 June 2012 Outline FIM and introduction to components Federation and metadata National Identity federations and inter federations
More informationShibboleth N-Tier Support. Chad La Joie chad.lajoie@switch.ch
Shibboleth N-Tier Support Chad La Joie chad.lajoie@switch.ch Agenda Use Case Terminology Shibboleth Solution Future Effort Resources 2 Use Case Current use case comes from University of Chicago University
More informationAA enabling a closed source legacy application
AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven Belgium AA enabling a closed source legacy application Introduction: context association K.U.Leuven Case: AA enabling
More informationShibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de
Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford
More informationIntegration of Shibboleth and (Web) Applications
workshop Integration of Shibboleth and (Web) Applications MPG-AAI Workshop Clarin Centers Prague 2009 2009-11-06 (Web) Application Protection Models Classical Application behind Shibboleth Standard Session
More informationShibboleth SP Simple Installation Guide For LINUX
Division of IT Shibboleth SP Simple Installation Guide For LINUX University of Missouri Revision History AM July 2012 Created AM July 26, 2012 Changed links to SP download AM August 29, 2012 Updated for
More informationUsing Kerberos tickets for true Single Sign On
Using Kerberos tickets for true Single Sign On Table of Contents Introduction This document details the reasoning for, configuration of and experiences from the initial setup of Kerberos tickets for SSO
More informationIdentity and Access Management for Federated Resource Sharing: Shibboleth Stories
Identity and Access Management for Federated Resource Sharing: Shibboleth Stories http://arch.doit.wisc.edu/keith/apan/ apanshib-060122-01.ppt Keith Hazelton (hazelton@doit.wisc.edu) Sr. IT Architect,
More informationU S E R D O C U M E N TA T I O N ( A L E P H I N O
U S E R D O C U M E N TA T I O N ( A L E P H I N O 5. 0 ) Single-Sign-On Alephino Version 5.0 1/9 last updated: 17/09/2014 Table of contents 1 Mode of operation...3 2 Configuration examples with the Apache
More informationRunning Multiple Shibboleth IdP Instances on a Single Host
CESNET Technical Report 6/2013 Running Multiple Shibboleth IdP Instances on a Single Host IVAN NOVAKOV Received 10.12.2013 Abstract The article describes a way how multiple Shibboleth IdP instances may
More informationUsing Shibboleth for Single Sign- On
Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review
More informationSSO Plugin. Case study: Integrating with Ping Federate. J System Solutions. http://www.javasystemsolutions.com. Version 4.0
SSO Plugin Case study: Integrating with Ping Federate J System Solutions Version 4.0 JSS SSO Plugin v4.0 Release notes Introduction... 3 Ping Federate Service Provider configuration... 4 Assertion Consumer
More informationi2b2: Security Baseline
i2b2: Security Baseline Contents Introduction... 3 CentOS Security Configuration... 4 SSL Configuration... 5 Database Configuration Files... 6 Revision History... 11 2 Introduction This document outlines
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationAAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch
AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch Berne, 13. August 2014 Introduction App by University of St. Gallen Universities
More informationIntroducing Shibboleth
workshop Introducing Shibboleth MPG-AAI Workshop Clarin Centers Prague 2009 2009-11-06 MPG-AAI MPG-AAI a MPG-wide Authentication & Authorization Infrastructure for access control to web-based resources
More informationmod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net
mod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net The login hell Solutions use client certificates and OCSP and get killed by end users?
More informationFederating with Web Applications
Federating with Web Applications Janusz Ulawski HEAnet Ltd November 11, 2010 Agenda 1 Providing access to your WebApp 2 Federated Access Software with SAML 2.0 support 3 Federating your WebApp Shibboleth
More informationShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie
ShibboLEAP Project Final Report: School of Oriental and African Studies (SOAS) Colin Rennie May 2006 Shibboleth Implementation at SOAS Table of Contents Introduction What this document contains Who writes
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationNovell Access Manager
Novell Access Manager Product Overview Kiran Mova Agenda Introduction Architecture IDP AG SSL VPN Administration Console How it works? Web SSO Federation SSO Protect HTTP Resources Protect non-http Resources
More informationFederated Identity: Leveraging Shibboleth to Access On and Off Campus Resources
Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Paul Riddle University of Maryland Baltimore County EDUCAUSE Mid-Atlantic Regional Conference January 16, 2008 Copyright
More informationDesign and Implementation of Web Forward Proxy with
Design and Implementation of Web Forward Proxy with Shibboleth Authentication KOMURA Takaaki SANO Hiroaki Kyoto University Kyoto University Library DEMIZU Noritoshi OCTOPATH corporation MAKIMURA Ken OCTOPATH
More informationLIGO Identity Management: Questions I Wish We Would Have Asked
LIGO Identity Management: Questions I Wish We Would Have Asked Scott Koranda for LIGO LIGO and University of Wisconsin-Milwaukee September 6, 2012 LIGO-XXXXXXXX-v1 1 / 39 We had a mess Late in 2007 and
More information1. Introduction 2. Getting Started 3. Scenario 1 - Non-Replicated Cluster 4. Scenario 2 - Replicated Cluster 5. Conclusion
1. Introduction... 1 1.1. Non-Replicated Cluster... 1 1.2. Replicated Cluster... 2 1.3. Mixing Both Options... 3 2. Getting Started... 5 3. Scenario 1 - Non-Replicated Cluster... 6 3.1. JOSSO Agent Configuration...
More informationDEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity
DEPLOYMENT GUIDE SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity Table of Contents SAML Overview...3 Integration Topology...3 Deployment Requirements...4 Configuration Steps...4 Step
More informationToward campus portal with shibboleth middleware
Toward campus portal with shibboleth middleware Eisuke Ito and Masanori Nakakuni itou@cc.kyushu u.ac.jp, Kyushu University nak@fukuoka u.ac.jp, Fukuoka University Outline 1. Background 2. Shibboleth 3.
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server Table of Contents Table of Contents Deploying the BIG-IP LTM with Tomcat application servers and Apache web
More informationRequirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module
Collax SSL VPN Howto This howto describes the easy configuration of a Collax server as SSL VPN gateway in order to enable external access to selected applications in the company network. Except for a common
More informationCentraSite SSO with Trusted Reverse Proxy
CentraSite SSO with Trusted Reverse Proxy Introduction Single-sign-on (SSO) via reverse proxy is the preferred SSO method for CentraSite. Due to its flexibility the reverse proxy approach allows to apply
More informationPolicy on ARCS eresearch Services Firewall Configuration Requests
Policy on ARCS eresearch Services Firewall Configuration Requests (Endorsed by CAUDIT Executive 29 July 2009) Introduction ARCS and CAUDIT have together sought to arrive at an agreed set of firewall configurations
More informationContents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in
at a Glance 1 Introduction 17 2 Basic Principles of IT Security 23 3 Authentication and Authorization in SAP NetWeaver Application Server Java 53 4 Single Sign-On 151 5 Identity Provisioning 289 6 Secure
More informationMiddleware integration in the Sympa mailing list software. Olivier Salaün - CRU
Middleware integration in the Sympa mailing list software Olivier Salaün - CRU 1. Sympa, its middleware connectors 2. Sympa web authentication 3. CAS authentication 4. Shibboleth authentication 5. Sympa
More informationThe saga of WebFTS and Federated Identity
The saga of WebFTS and Federated Identity Andrey Kiryanov IT/SDC 15/12/2014 The Reason: 2 What is a Federated Identity? It is the means of linking a person's electronic identity and attributes, stored
More informationDevelopment and deployment of integrated attribute based access control for collaboration
Development and deployment of integrated attribute based access control for collaboration Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationSetup Guide Access Manager 3.2 SP3
Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationSecuring Splunk with Single Sign On & SAML
Copyright 2015 Splunk Inc. Securing Splunk with Single Sign On & SAML Nachiket Mistry Sr. So=ware Engineer, Splunk Rama Gopalan Sr. So=ware Engineer, Splunk Disclaimer During the course of this presentajon,
More informationKerberos and Single Sign-On with HTTP
Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Introduction The Problem Current Solutions Future Solutions Conclusion Overview Introduction WebDAV: common complaint of poor support for authentication
More informationAuthentication and Single Sign On
Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication
More informationDevelopment of a file-sharing system for educational collaboration among higher-education institutions
Development of a file-sharing system for educational collaboration among higher-education institutions Takuya Matsuhira, Yoshiya Kasahara, and Yoshihiro Takata Abstract Opportunities for educational, research-oriented,
More informationFederated Wikis Andreas Åkre Solberg andreas@uninett.no
Federated Wikis Andreas Åkre Solberg andreas@uninett.no Wikis in the beginning...in the beginning wikis were wide open. Great! - But then the spammers arrived. Password protected wikis Create yet another
More informationFederation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015
Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding
More informationSingle Sign-On for the UQ Web
Single Sign-On for the UQ Web David Gwynne Infrastructure Architect, ITIG, EAIT Taxonomy Authentication - Verification that someone is who they claim to be - ie, only the relevant user
More informationAdd Microsoft Azure as the Federated Authenticator in WSO2 Identity Server
Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server This blog will explain how to use Microsoft Azure as a Federated Authenticator for WSO2 Identity Server 5.0.0. In this example
More informationTitle: A Client Middleware for Token-Based Unified Single Sign On to edugain
Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de
More informationHow Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data
2014 Fifth International Conference on Computing for Geospatial Research and Application How Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data Andreas Matheus University of
More informationFederated Identity & Access Mgmt for Higher Education
Federated Identity & Access Mgmt for Higher Education Dr. Erik Vullings Program Manager Macquarie University s s E-Learning E Centre of Excellence (MELCOE) Erik.Vullings@melcoe.mq.edu.au 1/23/2006 1 Backing
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationProtect Everything: Networks, Applications and Cloud Services
Protect Everything: Networks, Applications and Cloud Services Tokens & Users Cloud Applications Private Networks Corporate Network API LDAP / Active Directory SAML RADIUS Corporate Network LDAP / Active
More informationPainless Web Proxying with Apache mod_proxy
Painless Web Proxying with Apache mod_proxy Justin R. Erenkrantz University of California, Irvine and Google, Inc. http://www.erenkrantz.com/oscon/ justin@erenkrantz.com Why should I pay attention? Apache
More informationPingFederate. Identity Menu Builder. User Guide. Version 1.0
Identity Menu Builder Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Identity Menu Builder User Guide Version 1.0 April, 2011 Ping Identity Corporation 1099 18th Street, Suite
More informationOpen-source Single Sign-On with CAS (Central Authentication Service)
Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright 2004 ESUP-Portail consortium Open-source Single Sign-On with CAS Single Sign-On
More informationHow To Create A Personalized Website In Chalet.Ch
AAI-enabling Web Applications (personalized, dynamic content in PHP, ASP, Perl, Java,...) Valéry Tschopp 2005 SWITCH AAI Attribute Transmission Attributes Store SAML Attributes Home
More informationJOSSO 2.4. Ws-Federation Integration Tutorial
JOSSO 2.4 Ws-Federation Integration Tutorial JOSSO 2.4 : Ws-Federation Integration Tutorial 1. Introduction... 1 2. Prerequisites... 2 3. Defining Identity Appliance Elements... 3 3.1. SAML 2 Service Provider
More informationSharepoint server SSO
Configuring g on-premise Sharepoint server SSO Chapter 99 You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview
More informationINUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE
INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user
More informationExternal and Federated Identities on the Web
External and Federated Identities on the Web Jan Pazdziora Sr. Principal Software Engineer Identity Management Special Projects, Red Hat 1 st October 2015 Scope and problem statement Applications get deployed
More information1. Introduction. Authors. Abstract. Quang Vu DANG (IFI) Olivier BERGER (GET/INT) Christian BAC (GET/INT) Benoît HAMET (phpgroupware)
Authenticating from mutiple authentication sources in a collaborative work platform: the Picolibre & Shibboleth case study Authors Quang Vu DANG (IFI) Olivier BERGER (GET/INT) Christian BAC (GET/INT) Benoît
More informationESA EO Identify Management
ESA EO Identify Management The ESA EO IM Infrastructure & Services A. Baldi ESA: Andrea.Baldi@esa.int M. Leonardi ESA: m.leonardi@rheagroup.com 1 Issues @ ESA with legacy user management Users had multiple
More informationApache SSL Certificate Deployment Guide
Apache SSL Certificate Deployment Guide 沃 通 电 子 认 证 服 务 有 限 公 司 WoSignCA Limited All Rights Reserved Content 1.The environment for installing the SSL certificate... 3 1.1 Brief introduction of SSL certificate
More informationFederated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure
Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure Ahmed Shiraz Memon (JSC - DE) Jens Jensen (STFC escience - UK) Ales Cernivec (XLAB - SL) Krzysztof Benedyczak
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationAbout Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
More informationConfiguring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy
Configuring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy Author: Gopal Baddela, Senior BI Architect Archius Copyright Archius 2016 1 Table of Contents
More informationSMART Vantage. Installation guide
SMART Vantage Installation guide Product registration If you register your SMART product, we ll notify you of new features and software upgrades. Register online at smarttech.com/registration. Keep the
More informationExamples with.net & PHP. Martin Haagen, QlikTech, Systems Manager; CRM @sehaagen
Integrations using Web Services Examples with.net & PHP Martin Haagen, QlikTech, Systems Manager; CRM @sehaagen Martin Haagen Systems Manager; CRM @sehaagen Introduction Martin Haagen, QlikTech What We
More informationS P I E Information Environments Shibboleth and Its Integration into Security Architectures. EDUCAUSE & Internet 2 Security Professionals Conference
Shibboleth and Its Integration into Security Architectures Christian Fernau, Francisco Pinto University of Oxford EDUCAUSE & Internet 2 Security Professionals Conference Denver, CO 10-12 April 2006 16:47:29
More informationIdentity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees
Identity Management and Shibboleth h at MSU Jim Green Manager, Identity Management Michigan State t University it Academic Technology Services Identity Management Definition: Identity management is the
More informationIGI Portal architecture and interaction with a CA- online
IGI Portal architecture and interaction with a CA- online Abstract In the framework of the Italian Grid Infrastructure, we are designing a web portal for the grid and cloud services provisioning. In following
More informationCERN Single Sign On solution
CERN Single Sign On solution Emmanuel Ormancey System Architect, CERN IT/IS CERN, Route de Meyrin, CH-1211 Geneva 23, Switzerland E-mail: Emmanuel.Ormancey@cern.ch Abstract. The need for Single Sign On
More informationSAML single sign-on configuration overview
Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies
More informationWebNow Single Sign-On Solutions
WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,
More informationGuide to Web Hosting in CIS. Contents. Information for website administrators. ITEE IT Support
Contents CIS Web Environment... 2 Cis-web... 2 Cis-content... 2 MySQL... 3 Applying for web hosting... 3 Frequently Asked Questions... 4 Code Snippets... 6 LDAP authentication... 6 1 BN : June 2010 CIS
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use SQL Server 2008 Express Reporting Services Abstract In this
More informationExtend and Enhance AD FS
Extend and Enhance AD FS December 2013 Sponsored By Contents Extend and Enhance AD FS By Sean Deuby Introduction...2 Web Service SSO Architecture...3 AD FS Overview...5 Ping Identity Solutions...7 Synergy
More informationInstalling an SSL certificate on the InfoVaultz Cloud Appliance
Installing an SSL certificate on the InfoVaultz Cloud Appliance This document reviews the prerequisites and installation of an SSL certificate for the InfoVaultz Cloud Appliance. Please note that the installation
More informationConfiguring. Moodle. Chapter 82
Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare
More informationLogout Support on SP and Application
Logout Support on SP and application Logout Support on SP and Application Possibilities and and Limitations SWITCHaai Team aai@switch.ch Single Logout: Is it possible? Single Logout will work only in some
More informationAuthentication and access control in Sympa mailing list software
Authentication and access control in Sympa mailing list software May 2004 Serge Aumont & Olivier Salaün Comité Réseau des Universités http://www.cru.fr Campus de Beaulieu, Rennes France 1 Introduction
More informationLepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with
Lepide Active Directory Self Service Configuration Guide 2014 Follow the simple steps given in this document to start working with Lepide Active Directory Self Service Table of Contents 1. Introduction...3
More informationSSL Web Proxy. Generally to access an internal web server which is behind a NAT router, you have the following two methods:
SSL Web Proxy Vigor2930, Vigor2950 and VigorPro 5500/5510 series router support SSL Web Proxy function to let user access lots of servers in security via Internet environment. We provide a general user
More informationOpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com
OpenSSO: Simplify Your Single-Sign-On Needs Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com 1 Agenda Enterprise security needs What is OpenSSO? OpenSSO features > > > > SSO and
More informationHow To Manage Identity On A Cloud (Cloud) With A User Id And A Password (Saas)
Integral Federated Identity Management for Cloud Computing Maicon Stihler, Altair Olivo Santin, Arlindo L. Marcon Jr. Graduate Program in Computer Science Pontifical Catholic University of Paraná Curitiba,
More informationRelease Notes Date: September 2013
Release Notes Date: September 2013 All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, or stored in any retrieval system of any nature without the
More informationHow To Configure The Jasig Casa Single Sign On On A Workstation On Ahtml.Org On A Server On A Microsoft Server On An Ubuntu 7.5.3 (Windows) On A Linux Computer On A Raspberry V
Configuring CAS-based SSO with ActiveVOS on Apache Tomcat Technical Note Version: 1.3 Dated: August 2013 2013 Informatica Corporation ActiveVOS is a trademark of Informatica, Inc. All other company and
More informationAuthentication Integration
Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication
More informationKerberos and Single Sign On with HTTP
Kerberos and Single Sign On with HTTP Joe Orton Senior Software Engineer, Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of
More informationApache HTTP Server. Load-Balancing with Apache HTTPD 2.2 and later. Erik Abele www.eatc.de
Apache HTTP Server Load-Balancing with Apache HTTPD 2.2 and later Erik Abele www.eatc.de About Me Working internationally as IT Consultant Areas: Administration & Operations Working on and with Open Source
More informationEQUELLA. Clustering Configuration Guide. Version 6.0
EQUELLA Clustering Configuration Guide Version 6.0 Document History Document No. Reviewed Finalised Published 1 17/10/2012 17/10/2012 17/10/2012 October 2012 edition. Information in this document may change
More informationWhat's new in httpd 2.2?
What's new in httpd 2.2? 2.1 Paul Querna pquerna@apache.org July 21, 2005 http://www.outoforder.cc/presentations/ 2.2? major.minor.patch Versioning Scheme: Even = Stable / General Availability 2.0.x &
More informationApache Tomcat & Reverse Proxies
Apache Tomcat & Reverse Proxies Mark Thomas, Staff Engineer 2012 SpringSource, by VMware. All rights reserved Agenda Introductions What is a reverse proxy? Protocol selection httpd module selection Connector
More information000-575. IBM Tivoli Federated Identity Manager V6.2.2 Implementation. Version: Demo. Page <<1/10>>
000-575 IBM Tivoli Federated Identity Manager V6.2.2 Implementation Version: Demo Page 1.What is the default file name of the IBM Tivoli Directory Integrator log? A. tdi.log B. ibmdi.log C. ibmdisrv.log
More informationD-SPIN. Volker Boehlke, Gerhard Heyer University of Leipzig. - overview, prototype, roadmap - Institut für Informatik
D-SPIN - overview, prototype, roadmap - Volker Boehlke, Gerhard Heyer University of Leipzig Institut für Informatik LeipzigLinguisticServices - repository: - relational database - used fields are: ID,
More informationFederated Identity Management A Sevan White Paper
Federated Identity Management A Sevan White Paper Federated Identity Management is a term widely used to refer to authentication and authorization of people or systems across independent organizations.
More informationEnter Here -> Directory Submitter Software For One > Visit Here <
How to add a url to trusted sites in ie, google seo directory submission, word web directory free download. Enter Here -> Directory Submitter Software For One > Visit Here < Buy cheap new instant directory
More informationSAML SSO Configuration
SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting
More informationHow To Use Netiq Access Manager 4.0.1.1 (Netiq) On A Pc Or Mac Or Macbook Or Macode (For Pc Or Ipad) On Your Computer Or Ipa (For Mac) On An Ip
Setup Guide Access Manager 4.0 SP1 May 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationCiphermail Gateway Separate Front-end and Back-end Configuration Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Separate Front-end and Back-end Configuration Guide June 19, 2014, Rev: 8975 Copyright 2010-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction
More information