Using Grouper: Newcastle University case studies. Richard James Caleb Racey

Similar documents
Cal Racey

Three Campus Case Studies: Managing Access with Grouper

IDMAPS. Institutional Data Management. Personalisation & Syndication. for

Development and deployment of integrated attribute based access control for collaboration

Authentication Methods

GET IN NOW Step 2: Add Users

The New Grouper: Its New User Interface and More

Active Directory Sync (AD) How it Works in WhosOnLocation

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

CERN Single Sign On. Emmanuel Ormancey CERN IT/IS. CERN IT Department CH-1211 Genève 23 Switzerland

CERN Single Sign On solution

Owner of the content within this article is Written by Marc Grote

Middleware integration in the Sympa mailing list software. Olivier Salaün - CRU

Introduction to Installing and Managing Microsoft Exchange Server 2007

Integration of Office 365 with existing faculty SSO

Enhancing Collaboration by Extending the Groups Directory Infrastructure. James Cramton Brown University

ShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

Authentication and access control in Sympa mailing list software

Web based single sign on. Caleb Racey Web development officer Webteam, customer services, ISS

Three Case Studies in Access Management

IDENTITY MANAGEMENT ROLLOUT: IN A HURRY. Jason Blackader, UNIX Systems Administrator

Course: Fundamentals of Microsoft Server 2008 Active Directory

Evaluation of different Open Source Identity management Systems

Authentication and access control in Sympa mailing list server

Network Detective. Security Assessment Module Using the New Network Detective User Interface Quick Start Guide

LECTURES NOTES Organisational Aspects of Software Development

TIBCO Spotfire Platform IT Brief

Red Hat Identity Management

Kittys School Management System

LIGO Mailing List Group Configuration

Integrating LANGuardian with Active Directory

Identity Management. Critical Systems Laboratory

Planning & Outcomes Assessment Management Solutions

Table of Contents SQL Server Option

Federated Wikis Andreas Åkre Solberg

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

Identity Management in Quercus. CampusIT_QUERCUS

ShoreTel Active Directory Import Application

An Oracle White Paper March Integrating Microsoft SharePoint Server With Oracle Virtual Directory

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN

Entrust IdentityGuard Comprehensive

LDAP and Active Directory Guide

Jisc Conext A pilot implementation of OpenConext for UK academia Carl Vincent, OpenConext Workshop, June 2013

Automating System Administration with Perl

Privilege and Access Management. Jan Tax Identity Management Specialist UNC Chapel Hill

Management Authentication using Windows IAS as a Radius Server

Advance with CIMA. Applying for CIMA Accreditation of Higher Education Programmes

COURSE CONTENT FOR WINTER TRAINING ON Web Development using PHP & MySql

JISC Project Plan. Project Information Project Identifier To be completed by JISC Project Title

Implementing and Maintaining Microsoft SQL Server 2008 Integration Services

Application Note. ShoreTel 9: Active Directory Integration. Integration checklist. AN June 2009

P-Synch by M-Tech Information Technology, Inc. ID-Synch by M-Tech Information Technology, Inc.

Avatier Identity Management Suite

Authentication Project Report

DIGIPASS Authentication for GajShield GS Series

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

MICROSOFT ISA SERVER 2006

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

CA and SSL Certificates

Identity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees

From centralized to single sign on

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

Monitoring Microsoft Applications. eg Enterprise v6

Summary. How-To: Active Directory Integration. April, 2006

StarTel. Course Syllabus

Identity and Access Management for Federated Resource Sharing: Shibboleth Stories

10231B: Designing a Microsoft SharePoint 2010 Infrastructure

Canadian Access Federation: Trust Assertion Document (TAD)

External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

Masters in Information Technology

Licia Florio Project Development Officer Identity Federations in Europe

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

User Roles & Adding Domains & Users

Active Directory Sync (AD) How to Setup

Preliminary Course Syllabus

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

Updating Your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

LIGO Identity Management: Questions I Wish We Would Have Asked

escan SBS 2008 Installation Guide

Course Syllabus. Configuring and Troubleshooting Internet Information Services in Windows Server Key Data. Audience. At Course Completion

Using Shibboleth for Single Sign- On

Copyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft

Groups and Operations in the Clouds

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

UCI IT Projects. Project Name & Description Academic Computing

JOB DESCRIPTION. 1. JOB TITLE: Senior Lecturer in Computer Science (Cyber Security)

University of Maine System Active Directory Services - RFP# ADDENDUM #01

Designing a Windows Server 2008 Active Directory Infrastructure and Services

Course Syllabus Microsoft Dynamics CRM 4.0 Customization and Configuration (Elements of this syllabus are subject to change.)

Membership Management

LDAP connectivity to the REDDOXX-Appliance

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

SchoolBooking SSO Integration Guide

SAP HANA Cloud Portal Overview and Scenarios

Federated AAA middleware and the QUT SSO environment

SolarWinds Technical Reference

IGI Portal architecture and interaction with a CA- online

Single Sign On. SSO & ID Management for Web and Mobile Applications

Transcription:

Using Grouper: Newcastle University case studies Richard James Caleb Racey

Context: Newcastle University UK University Over 5000 staff members Over 20,000 students Research focused Centralised IT service Malaysian Campus

Context: Who we are Caleb Racey Team Leader of Middleware Team 9 years experience of web application provision Particular focus on issues of single sign on and access control Richard James 2 years as Computing officer within the Middleware Team Main focus on Group Management and data integration Lead project officer in GRAND project

Grouper Deployment at Newcastle University First deployed 3 years ago Early focus on access control via Shibboleth i.e. Wiki access Advancements in Grouper led to new Use Cases being identified New components Grouper loader New Grouper integration methods LDAPPC, LDAPPC-NG New in house integration tools Talend (www.talend.com)

Background Grouper components implemented Grouper Loader Uses HR data to load Newcastle University s organisational structure Provide source groups and roll up groups Web services Administration of access to wiki service LDAPPC Maintenance tools Unresolvable subjects/ Bad membership finder

Grouper Deployment at Newcastle University Focus on 3 main use cases Controlling access to web resources via Shibboleth Grouper and Active Directory Grouper integrating with Third Party Systems

Controlling access to web resources via Shibboleth First deployment to provision access to wiki service Grouper s web services Custom built UI to add/delete members Moving towards using the new Lite UI Grouper Group s released to Shibboleth as attributes Make use of Shib s Grouper Groups attribute in htaccess file require nclgroup NCL:UserGroups:Richie:RichiesGroup

Scenario - Reading List System System to allow module leaders and lecturers to manage reading lists Access dependant on users contribution to module Leader, Lecturer, Demonstrator Data from Student Management system to pre-populate access groups Data integration tool Talend to extract, manipulate and load data Groups loaded via GSH command line Library_Admin group granted administrator privileges on all modules Groups released as Shibboleth attribute

Use case document available at http://research.ncl.ac.uk/grand/resources.php

Grouper and the Active Directory LDAPPC/LDAPPC-NG enable Grouper to provision groups to the AD Why this appeals to us? One access group for all Access group defined in grouper Use HR/Student Management Data Control wiki, mailing list, blog access using Shib Attribute Control access to file space via AD

Scenario Delegating access to Wireless Network Needed a method to delegate access to Wireless network dependant on user type Staff and Research Postgraduates to get full access Undergraduates and Taught Postgraduates to get part access Microsoft Radius server had no way of accurately determining user type No attributes attached to user in Active Directory to define type Access delegated on format of Login ID Restricted to delegating access solely on a users Login ID Encourages departments to come up with own wireless network solutions

Solution Delegating access to Wireless Network Utilise HR/Student Management system data to determine a user type Create roll up groups for student types Undergraduates Taught postgraduate Research postgraduate Create access control groups for types of access Assign access using student roll up groups Use Org_Structure to assign membership to all of Newcastle University Provision access control groups into AD RADIUS server can query a users membership of access groups http://research.ncl.ac.uk/grand/resources.php

Grouper with third party systems Systems cant always directly integrate with grouper Non web-based, non LDAP based... Need alternative method of extracting Grouper groups and provision to systems Use pre-existing open source tools Data integration tool Talend Extract data from Grouper Direct from Grouper databases, web services Combine with organisational data, i.e. HR and Student Management data Range of connectors/adaptors allows for easy integration with other systems Rapid development which is easily maintainable...

Scenario Syllabus Plus room booking system Syllabus Plus room booking service Backend not web based Required role based group management from a central source Role membership dependant on department/faculty Grouper perfect solution to manage roles Centralised management Admin has full control over roles Org_structure allows departments to be assigned to groups Individual memberships for more restricted roles

Scenario Provisioning from Grouper into Syllabus Plus Talend provided the components necessary to achieve this Extract role memberships from Grouper Combine with HR data Job position, known as name Transform data into desired output format Transport data from Grouper into Syllabus Plus Access to syllabus plus room booking service controlled by roles managed in Grouper http://research.ncl.ac.uk/grand/resources.php

High Availability Currently it is not a key priority Many implementations don t require real time querying of Grouper In the future may need to reconsider More use of real time querying from Shibboleth

Any Questions? Details of all Use cases can be found at http://research.ncl.ac.uk/grand Contact the project at http://research.ncl.ac.uk/grand/feedback.php or via grand@ncl.ac.uk

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information