Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications



Similar documents
Authentication Methods

Identity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

Integrating Multi-Factor Authentication into Your Campus Identity Management System

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department

Logout in Single Sign-on Systems

Shibboleth User Verification Customer Implementation Guide Version 3.5

Single Sign On at Colorado State. Ron Splittgerber

Identity Management Systems for Collaborations and Virtual Organizations

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

Federated Identity Management

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Flexible Identity Federation

Shibboleth Identity Provider (IdP) Sebastian Rieger

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle

How Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data

Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

OpenLogin: PTA, SAML, and OAuth/OpenID

IAM, Enterprise Directories and Shibboleth (oh my!)

SAML Authentication within Secret Server

Logout Support on SP and Application

SAML-Based SSO Solution

Using Shibboleth for Single Sign- On

Federated Identity Management

Shibboleth Authentication. Information Systems & Computing Identity and Access Management May 23, 2014

SAML SSO Configuration

Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu

Authentication and Single Sign On

SAML Federated Identity at OASIS

Configuring EPM System for SAML2-based Federation Services SSO

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

Authentication Integration

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Middleware integration in the Sympa mailing list software. Olivier Salaün - CRU

Introducing Shibboleth

USING ESPRESSO [ESTABLISHING SUGGESTED PRACTICES REGARDING SINGLE SIGN ON] TO STREAMLINE ACCESS

Identity and Access Management (IAM) Roadmap DRAFT v2. North Carolina State University

Security As A Service Leveraged by Apache Projects. Oliver Wulff, Talend

TIB 2.0 Administration Functions Overview

SAML Authentication Quick Start Guide

Integration of Shibboleth and (Web) Applications

SAML-Based SSO Solution

Multi-Factor Authentication, Assurance, and the Multi-Context Broker

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services

Copyright: WhosOnLocation Limited

The increasing popularity of mobile devices is rapidly changing how and where we

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia Pedro Borges

Single Sign-on. Overview. Using SSO with the Cisco WebEx and Cisco WebEx Meeting. Overview, page 1

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Configuring. Moodle. Chapter 82

Toward campus portal with shibboleth middleware

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain

Shibboleth Configuration from 100,000 Feet, in 15 Minutes or Less! Steve Thorpe Systems Programmer / Analyst MCNC

T his feature is add-on service available to Enterprise accounts.

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only)

SAML single sign-on configuration overview

SAP NetWeaver AS Java

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

Identity and Access Management for Federated Resource Sharing: Shibboleth Stories

Enabling SAML for Dynamic Identity Federation Management

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

Agenda. How to configure

SAML Authentication with BlackShield Cloud

E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine.

Keeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph

Building Secure Applications. James Tedrick

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS

A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

SAML Security Option White Paper

Perceptive Experience Single Sign-On Solutions

Single Sign-On for the UQ Web

Transcription:

Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications

Federated Identity Management Management of digital identity/credentials (username/password) Access management policies and procedures Authentication/SSO Scaled to provide interactions between an association of organizations

InCommon Federation Higher Ed Federation (200+ HE members) Common attributes, practices, policies for information exchange UO joined in February 2010 Identity Providers, Service Providers Participant Operating Practices (POP) Documents your organizations IdM practices Identity Assurance Program Bronze and Silver Identity Assurance Profiles

Standards & Recommendations Security Assertion Markup Language (SAML) XML based open standard for communicating authentication, entitlement, and attribute information.. Eduperson Object Class Common attribute definitions Discovery Service To select your Identity Provider for service access uapprove Allows user to view and approve release of attribute data (developed by SWITCHaii)

Current Federated UO IdM Duck ID based access to EDUCAUSE Internet2 wiki Qualtrix Service Providers on campus that are allowing federated access to UO resources? Wireless access PSU, OSU, UO Not taking advantage of InCommon federation, but a type of federated access

Shibboleth Standards based, open source federated single sign-on and attribute exchange software developed by Internet2 Uses SAML V2.0 Web single sign-on Attribute delivery for authorization decisions and/or application customization Recommended and supported by InCommon

Shibboleth Advantages SSO functionality No need to manage usernames and passwords locally Things to be aware of Session management No central logout, must close browser Attribute delivery Don t need to store or manage data locally Common attribute definitions

Shibboleth Components Service Provider (SP) Managed by application owner Daemon and loadable module for web server Apache, IIS, iplanet, FastCGI Identity Provider (IdP) Managed by IS - Leverages Identity Management System Provides authentication, attribute data

Shibboleth Demos http://switch.ch/aai/demo/2/simple.html http://switch.ch/aai/demo/2/medium.html http://switch.ch/aai/demo/2/expert.html

Getting Started with Shibboleth 1. Install Service Provider software 2. Obtain SSL certificate for the site 3. Send request to wso-request@ithelp 4. If require attributes not included in the default set, fill out Shibboleth Attribute Request form. 5. Make sure SP Metadata is available to IdP

Campus Shib Use aaa.uoregon.edu aaablogs.uoregon.edu vpfa-prod.uoregon.edu ba.uoregon.edu surplus.uoregon.edu ir.uoregon.edu brp.uoregon.edu pcs.uoregon.edu Profdevel.uoregon.edu odt.uoregon.edu academicaffairs.uoregon.edu wiki.uoregon.edu safetyweb.uoregon.edu intlsa.uoregon.edu networkservices.uoregon.edu budgetmodel.uoregon.edu it.uoregon.edu libproxy.uoregon.edu (testing)

Challenges/Moving Forward Persistent Identifiers UO currently reassigns usernames Length restrictions, currently 3-8 characters Vanity email addresses (aliases) Remote vetting How to prove identity? Levels of Assurance (LOA) CAS, Shib, and AD?

Other Federated IdM Consumer Apps/Federated IdM Social IDs and Open IDs Facebook, Google, Yahoo Level of assurance for information from these IdPs? OK for low risk services? IAM Online April 13, see InCommon web site Work in other countries Switzerland - SWITCHaai UK Access Management Federation SURFnet - Netherlands Many others

Resources UO IdM site - it.uoregon.edu/idm Incommon http://www.incommon.org Internet2 Middleware Initiative http://www.internet2.edu/middleware/index.cfm EDUCAUSE IAM Working Group Organization for the Advancement of Structured Information Standards (OASIS) http://www.oasis-open.org/home/index.php

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information