E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine.




Yaroshenko Tetiana, yaroshenko[@]ukma.kiev.ua

Introduction

The Kyiv Mohyla Foundation of America and the National University of Kyiv Mohyla Academy, in collaboration with the Association Informatio-Consortium, Y. Fedkovych National University of Chernivtsi, V. Karazin National University of Kharkiv (Ukraine) and faculty from the Center for Technology and Innovation Management at Northwestern University (USA), started the Electronic Library of Ukraine Project (ELibUkr) in 2009. ELibUkr is open to the participation of all universities of Ukraine. It is a nation-wide linked network of Electronic Library/Knowledge Centers that gives academics, students and practitioners enhanced access to the world's digitized network of academic and research information, promoting the active use of local, regional and global information. The project will upgrade the intellectual holdings of Ukrainian libraries and include them in worldwide digitized information bases. Creation of the E-LibUkr portal was started as part of the project. More detailed information about the project is available at www.elibukr.org/en/

E-LibUkr: some key information

Services of the E-LibUkr portal:
- Systematized catalogue of electronic scientific resources
- Access to external resources (subscribed and open)
- Social scientific network
- Interdisciplinary repository
- Electronic resource search

General requirements:
- Access via web interface from any network point, 24/7
- Convenient user interface
- Scalable solution
- FOSS orientation

Portal requirements:
- Single access point for the services provided by the project
- Flexible navigation management
- Full-fledged management of web pages
- Convenient news management; RSS channel support
- Management of the project event calendar
- Management of project image galleries
- Project documentation
- Multilingual; localization

User workplace requirements:
- User profile (photo, short information, sphere of scientific interests, etc.)
- Corporate social network services (wiki, blog, communities)
- Personal materials allocation

Search system requirements:
- Search across large knowledge bases
- Integrated A-Z database
- Link resolving
- Integration with the reverse proxy server

Access control system requirements:
- Single sign-on system
- Centralized user base
- Access control for subscribed resources
- Personalization of resource access
- Encrypted authentication channels
- Federated user management

Repository requirements:
- Support for all types of digital materials
- Subject-catalogue organization of materials
- Organization of multi-disciplinary repositories
- Support for meta-description of materials
- Extended search
- Support for large volumes of electronic materials

E-LibUkr portal architecture: structural components

1. CMS: Joomla

CMS Joomla 1.5 was selected to implement the portal part of the project. The product provides convenient navigation on the portal and the creation of web pages holding text, images, links etc. Page editing is done with a WYSIWYG editor. A news module with RSS channel support is part of the basic content component. Extensions to the basic component allow:
- Making the portal multilingual
- Localizing the administrator interface for accounts
- Image galleries
- An event calendar
- A document library (used to store the documents placed on the portal)
- Integration with the Shibboleth SSO system

2. Social scientific network: the Joomla component Community Builder

- A powerful environment for creating and supporting online communities for Joomla
- Integration of user profile data into Joomla functions
- Several registration/authorization forms for Joomla sites
- An environment for creating user profiles of Joomla sites with additional parameters
- A flexible structure by which Joomla components can be united with Community Builder user profiles

3. Authentication environment: Single Sign-On (SSO). Shibboleth: http://shibboleth.internet2.edu/

The Shibboleth System is a standards-based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access to protected online resources in a privacy-preserving manner. The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the attributes released to each application. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.

Why Shibboleth?

More and more, universities, companies and government agencies offer services and collaborate online. Users typically access online resources both inside and outside their organizations to do their work. In the past, each of these services required its own ID and password and, for the user, that meant adding another set of credentials to the collection of sticky notes. For the institution, closing the security holes and just keeping up with the access changes for services on and off campus was quite a challenge.

Shibboleth single sign-on and federating software was developed specifically to address the challenges of:
- multiple passwords required for multiple applications
- scaling the account management of multiple applications
- security issues associated with accessing third-party services
- privacy
- interoperability within and across organizational boundaries
- enabling institutions to choose their authentication technology
- enabling service providers to control access to their resources

An individual uses his or her campus login and password to access resources offered by the institution and by provider organizations. Campus IT shops can use their authentication technology of choice; Shibboleth sits on top and provides the web single sign-on functionality.

Shibboleth in brief:
- Developed in the university environment
- Used in many educational institutions throughout the world
- Allows diverse systems and platforms to be integrated into a single authentication environment
- One login and password to enter all connected systems
- Supported by the main web servers, CMSs and electronic repositories
- Transparent for the end user
- LDAP support

User base: Microsoft Active Directory
- Multifunctional directory service
- Based on LDAP
- Developed infrastructure
- Convenient user interface
- Full-fledged administration of access and security parameters

4. Reverse proxy server: EZProxy
- Created especially to support remote access to subscribed library resources
- Used by the majority of the world's leading university libraries

- Contains ready-made settings for optimal access to most of the world's databases of electronic publications
- Convenient to configure and support
- Can be integrated with the Shibboleth SSO system

5. Search engine: CUFTS, Open Source Serials Management, http://researcher.sfu.ca/cufts
- Knowledge base of full-text journal collections
- Searchable A-Z database of databases
- Searchable A-Z journal database
- MARC records for each title
- Direct-to-article OpenURL link resolving

6. Electronic repository: DSpace
- A powerful tool for creating and storing electronic materials
- Supports different formats
- Supports mass data
- Convenient structured data organization
- Global search
- Can be integrated with the Shibboleth SSO system

Fig. 1 System software architecture

Implementation of the project

List of servers and software

1. Directory service server
   a. Windows Server 2008
   b. Active Directory
   c. Terminal Services
2. Shibboleth IdP server
   a. FreeBSD 7.2
   b. Apache Tomcat 6
   c. Java SDK 6
   d. Shibboleth IdP 2.1
3. Reverse proxy server
   a. Windows Server 2008
   b. EZProxy 5.1c
4. Web server
   a. FreeBSD 7.2
   b. Apache HTTP Server 2.2
   c. PHP 5
   d. Perl 5.9
   e. MySQL 5.1
   f. PostgreSQL 8.3
   g. Shibboleth SP 2.2, mod_shib
   h. CUFTS
   i. Joomla + Community Builder
5. Repository
   a. FreeBSD 7.2
   b. Apache Tomcat 6
   c. PostgreSQL 8.3
   d. Java SDK 6
   e. DSpace 1.5

State of works

Shibboleth server
- The central element of the Shibboleth server, the identity provider (IdP), is installed and adapted to support the single sign-on system
- All portal elements that need authentication will be connected to the IdP
- The Shibboleth server is linked to Active Directory

Active Directory
- Active Directory (MS Active Directory) is installed to manage the portal user database
- 3 organizational units (OUs) are established, one for each consortium participant (chnu, khnu, ukma)
- Each of the 3 OUs is used to register users from the corresponding university
- OU management will be delegated to separate administrators from the corresponding universities
- Active Directory is linked to the Shibboleth portal server

EZProxy server
- EZproxy is installed to provide access to subscribed (prepaid) databases
- EZproxy is linked to the Shibboleth server, and through it to the directory service, for authentication
- EZproxy is configured to support the prepaid resources of consortium members
- Access to databases is granted on the basis of each university's individual subscription plan
- Users are separated on the basis of their OU in the directory service
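The last two points above (per-university subscription plans, user separation by OU) are what EZproxy's group mechanism is for. The fragment below is an added illustration, not configuration from the ELibUkr project: it assumes the IdP releases eduPersonScopedAffiliation with one scope per OU (ukma.kiev.ua is taken from the author's address; the chnu/khnu scopes, the IdP URL and all database titles and URLs are placeholders). The IDP21 form targets a SAML 2 IdP such as the Shibboleth IdP 2.1 listed here; registering EZproxy's own SP metadata with the ShibbolethMetadata directive in config.txt is also required and is not shown.

```text
# user.txt (EZproxy 5.x): delegate authentication to the consortium IdP
# and turn the released scoped affiliation into an EZproxy group.
::Shibboleth
IDP21 https://idp.elibukr.example/idp/shibboleth
If auth:affiliation eq "member@ukma.kiev.ua"; Group +ukma
If auth:affiliation eq "member@chnu.example"; Group +chnu
If auth:affiliation eq "member@khnu.example"; Group +khnu
# Admit only principals that matched a known scope. A valid IdP session
# carrying no recognised affiliation is denied explicitly instead of
# falling through to another authentication method.
If auth:affiliation eq "member@ukma.kiev.ua"; Allow
If auth:affiliation eq "member@chnu.example"; Allow
If auth:affiliation eq "member@khnu.example"; Allow
Deny
/Shibboleth

# config.txt: each Group line opens a section; the database stanzas that
# follow are visible only to sessions carrying that group, so a Kharkiv
# user never sees a Kyiv-only subscription. Titles/URLs are constructed.
Group ukma
Title Example Journals Collection A (ukma subscription)
URL http://journals-a.example.com/
Domain journals-a.example.com

Group chnu
Title Example Journals Collection B (chnu subscription)
URL http://journals-b.example.com/
Domain journals-b.example.com

Group ukma+chnu+khnu
Title Example Consortium-wide Database
URL http://consortium-db.example.com/
Domain consortium-db.example.com
```

Two checks a practitioner would make before relying on this: the IdP's attribute-release policy must actually release the affiliation attribute to EZproxy's entityID (otherwise every user hits the final Deny), and the trailing Deny must stay in place, since a Shibboleth block that ends without Allow or Deny lets EZproxy continue to whatever authentication method follows in user.txt.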

Web server
- Apache HTTP Server is installed
- Server software is installed and configured to support the web applications: PHP, Perl, MySQL, PgSQL
- CMS Joomla (based on PHP, MySQL) is installed
- Community Builder is being set up
- The design and structure of the portal are being optimized
- mod_shib is installed and configured on the web server to fulfill the Shibboleth Service Provider (SP) function
- mod_shib is linked to the IdP on the Shibboleth server
- mod_shib provides authentication of portal users on the web server and in CMS Joomla

Search engine
- CUFTS is installed (based on Perl, PgSQL); it is being configured

Repository
- Apache Tomcat and PostgreSQL Server are installed
- DSpace is installed and configured
- Preparation of the server for inclusion of the DSpace repository into the Shibboleth SSO system is in progress
- Preparation of the structure of the e-materials catalogue is in progress
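For the mod_shib part of the web server, the following httpd fragment is an added example of how the SP side is typically wired up, not the project's own configuration. It assumes Shibboleth SP 2.x with Apache HTTP Server 2.2 (the versions listed above), a Joomla login path /sso-login that reads REMOTE_USER (the path is an assumption), and an IdP that releases eduPersonScopedAffiliation with one scope per consortium OU (the chnu/khnu scopes are placeholders). The `affiliation` name in the Require line is the attribute id assigned in the SP's default attribute-map.xml.

```apache
# Public portal pages: lazy session. If the browser already holds an SP
# session, mod_shib exports the user's attributes into the request
# environment; if not, the page is still served and no login is forced.
<Location />
    AuthType shibboleth
    ShibRequestSetting requireSession 0
    Require shibboleth
</Location>

# Login entry point: force a session with the IdP and admit only principals
# whose scoped affiliation names one of the three member universities.
# Any other authenticated user gets 403 from mod_shib, never a Joomla session.
<Location /sso-login>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require affiliation member@ukma.kiev.ua member@chnu.example member@khnu.example
</Location>

# Pass attributes to PHP as environment variables, not HTTP headers.
# Off is the default; with ShibUseHeaders On an application that trusts
# the headers can be fed spoofed values on any path the SP does not
# explicitly clear, so the default is restated here on purpose.
ShibUseHeaders Off
```

The split between a lazy session on / and a required session on the login path is what keeps the public catalogue reachable without an IdP round trip while still letting Joomla find REMOTE_USER (and the exported affiliation) once the user has logged in.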