Shibboleth and Library Resources

Shibboleth and Library Resources InCommon Library/Shibboleth Project

What is the Library/Shibboleth Project?
- Established 2007
- Five universities + Internet2
- Campus IT, Library IT, Librarians
- Adding Shibboleth to existing library services

Current focus of Library/Shibboleth
- Access control and licensed electronic resources
- Identify user scenarios
- Document business practice and technology issues
- Test solutions

Why are we here?
- Shibboleth adds value to library resources
- There are issues, but they're solvable
- Successful deployment is possible

Electronic resources backgrounder
- Ten years of growth
- Prevalence of home computing
- Increase in distance education
- Convenience and user expectation
- Hundreds of vendors, thousands of resources
- Significant part of the library collection budget
- Access and use restrictions
- Substantial work to integrate this seamlessly

What's wrong?
- Remote access is problematic
- Too many passwords make chaos
- Maintaining IPs is time consuming and unreliable

How can we fix it?
- Remove need for user-side configuration
- Single sign on
- Manage IPs locally or not at all

What do we want?
- Integrated access to licensed library resources regardless of user location
- Consistent user experience for authentication
- Reduced maintenance overhead for library resources
- Reliable authentication for vendors

How do we get there?

Scenario 1 - IP validated resource, on campus
[Diagram: User; Nature.com (IP validated resource)]

Scenario 2 - IP validated resource, off campus
[Diagram: User; Proxy / VPN; Nature.com (IP validated resource)]

What is Shibboleth?
- Open source standards-based web single sign-on package
- Leverages local identity management system
- Enables access to campus and external applications
- Protects users' privacy
- Helps your service partners
- Plays well with others

Scenario 3 - Shib-enabled resource anywhere
[Diagram: User; IdP; Science Direct (Shibboleth-enabled resource)]

Scenario 4 - Shib-enabled resource, on campus
[Diagram: Guest / known User; mod auth location; IdP; Science Direct (Shibboleth-enabled resource)]

What is EZProxy?
- Proxy access for off-campus resources
- Inexpensive
- Library-focused
- Server side proxy
- Acts as virtual server/client
- Rewriting URLs
- SSO authentication

Scenario 5 - Single sign on proxy, off-campus
[Diagram: User; Library Home Page; mod auth location; IdP; EZProxy; Science Direct (Shibboleth-enabled resource); Nature.com (IP validated resource)]

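Options for access

| Access method        | Local Config Needed | Proxy Maintenance | Vendor IP Maintenance | Separate Credentials |
|----------------------|---------------------|-------------------|-----------------------|----------------------|
| Web Proxy            | Yes                 | Yes               | Yes                   | Yes                  |
| VPN                  | Yes                 | No                | Yes                   | Yes                  |
| Shibboleth           | No                  | No                | No                    | No                   |
| Shibboleth + EZProxy | No                  | Yes               | No                    | No                   |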

Library concerns with Shibboleth
- Communication with campus IT
- Privacy
- Privacy with individual vendors
- Privacy across vendors
- Session persistence
- Walk-in users
- Library patron database integration
- Are Shibboleth benefits worth the effort?

Benefits to using Shibboleth in libraries
- Easier off-campus access of resources
- Simplified user authentication experience
- Personalization of services without releasing identity
- Centralized authentication maintenance

Currently under investigation
- Eliminating need for vendor IP maintenance by routing all activity through proxy
- Using Shibboleth as central "foot traffic" log for measuring resource use
- Best practices for persistent URLs
- Role of federation in licensing and enforcement

Next steps: Library/Shibboleth Project
- Actively partner with other federations
- Coordinate with Shibboleth-enabled vendors to join InCommon
- Encourage adoption of Shibboleth by US institutions and libraries
- Conducting pilots to validate approaches
- Recommending best practices and solutions to common use cases
- Community information sharing

Shibboleth-enabled information providers
- American Chemical Society
- Atypon
- CSA
- EBSCO
- Elsevier Science Direct
- Ex Libris
- EZProxy
- JSTOR
- Literary Encyclopedia
- OCLC WorldCat
- OVID/SilverPlatter
- Project MUSE
- ProQuest
- Safari (underway)
- SCRAN
- Serials Solutions
- Springer
- Thomson Gale
- Thomson ISI (underway)

What can you do?
- Implement Shibboleth locally
- Explore local issues and concerns with your library
- Enable SSO with local proxy
- Pilot existing SSO vendors
- Discuss interest in SSO with commercial vendors

More information: https://spaces.internet2.edu/display/inccollaborate/home