Shibboleth at Newcastle
Caleb Racey
Webteam ISS

Shibboleth experiences
Program
• Background
• What shib has enabled
• Benefits of shib
• How to do shib

Background
IAMSECT Project - JISC funded
• Shib early adopter
• 2 year project (finished this summer)
• VLE focussed
• Focus on shared medical students
• Collaboration with Durham
One of few practical deployment projects

What we use shib for
• Blogs
• Mailing lists
• Wikis
• Webforms
• Course submission
• VLEs
• Athens

Blogs
Ease of installation:
• Modify PHP authentication code (1 man day)
Benefits:
• User account creation automated
• Login never exposed to potentially untrustworthy code

Sympa Mailing lists
Ease of installation:
• Supported out of the box, adjust config file (1 hour)
Benefits:
• SSO
• Auto account creation
• Allows both shib and local auth

MediaWiki
Ease of installation:
• Download + install “extension”, tweak config file (1 hour)
Benefits:
• SSO
• User account creation automated
• Login never exposed to potentially untrustworthy code

Quick easy Access Control
Ease of installation:
• .htaccess file by users (5 mins)
Benefits:
• Web developers don’t need to understand complexities of secure login
• Auto population of info fields (email addresses etc.)

Coursework.cs
Ease of installation:
• Install shib + configure server
• Work out how best to do WAYF
Benefits:
• Federated service now possible, Durham students can now use.

Medical VLE
Ease of installation:
• Hard (Zope based)
• fast_cgi complex
• Difficult user base
• Large legacy
Benefits:
• SSO
• Roadmap away from legacy
• Reduced admin

Athens
Ease of installation:
• Hard (at the time) - easy now?
• Working out how to join multiple feds
• SSL cert incompatibility worries - now gone
Benefits:
• SSO
• Reduced admin overhead

What shib is not used for
Blackboard in Newcastle
• Blackboard shib support is UNIX based
• Windows possible (but not out of the box)
• Durham have test UNIX install

Benefits of shib
• International takeup = de facto standard
• “Out of the box” shibd apps available
• One web login technology to support
  • Less SysAdmin effort
  • Less documentation
  • Less user education
• Less burden on web developers, don’t need to understand:
  • How to do secure login
  • How / where to get user data

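The pattern behind the Blogs and MediaWiki slides (automatic account creation, the application never handling a password) and the "where to get user data" point above, as an added example that is not from the original talk. It assumes the SP exports the identity as the server-set variables REMOTE_USER, mail and displayName; those attribute names and the dict standing in for a user table are illustrative.

```python
"""Added example: auto-provisioning a local account from Shibboleth SP attributes."""

# Assumption: the SP module sits in front of the app and exports the
# authenticated identity as server-set environment variables. The names
# depend on the SP's attribute mapping and are illustrative here.
USER_VAR = "REMOTE_USER"
MAIL_VAR = "mail"
NAME_VAR = "displayName"


class NotAuthenticated(Exception):
    """Raised when the request did not pass through a Shibboleth session."""


def identity_from_environ(environ):
    """Return the SP-asserted identity from a CGI/WSGI environment.

    Request headers sent by the browser arrive as HTTP_* keys (for example
    HTTP_REMOTE_USER); those are never consulted, only the server-set names.
    """
    user = environ.get(USER_VAR, "").strip()
    if not user:
        raise NotAuthenticated("no Shibboleth session for this request")
    return {
        "username": user,
        "email": environ.get(MAIL_VAR, "").strip(),
        "name": environ.get(NAME_VAR, "").strip(),
    }


def login(environ, accounts):
    """Create the account on first visit, refresh its fields afterwards.

    `accounts` is a dict standing in for the application's user table.
    The application never sees or stores a password.
    """
    ident = identity_from_environ(environ)
    created = ident["username"] not in accounts
    record = accounts.setdefault(ident["username"], {"email": "", "name": ""})
    # Keep existing values if the IdP released nothing this time.
    record["email"] = ident["email"] or record["email"]
    record["name"] = ident["name"] or record["name"]
    return ident["username"], created


if __name__ == "__main__":
    # Constructed sample environment, as a web server might pass it.
    users = {}
    env = {"REMOTE_USER": "a.student@example.ac.uk", "mail": "a.student@example.ac.uk"}
    print(login(env, users), users)
```
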
How to install
Very brief overview of steps
• Prerequisites
• IdP
• SP
• Timescales
See http://iamsect.ncl.ac.uk for details

How to install: prerequisites
Prerequisites:
• Identify suitable password store, e.g. Active Directory
• Learn how to do https: SSL certs, certificate authorities
• Deploy WebISO or simple sign on, e.g. Pubcookie, CAS, mod_auth_ldap

How to install: shib IdP
Install and configure the software:
• not that hard (anymore)
• Java based (java skills not needed)
• Follow guide
• tweak xml config files
Difficult bits:
• SSL certs (global sign or Thawte)
• Identify institutional data stores

How to install: shib SP
Linux + Apache:
• Prerolled RPMs = install + tweak config file (couple of hours)
Windows + IIS:
• MSI installer = install + tweak config file (couple of hours)
Java, Python, Ruby, Perl or cgi:
• Stick behind linux + apache
• Install + configure connector (mod_jk, fast_cgi) (couple of days)

Where to get help
• https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/WebHome
• http://iamsect.ncl.ac.uk
• http://shib.kuleuven.be/
• http://www.switch.ch/aai/