1 / 28

Shibboleth at Newcastle

Shibboleth at Newcastle. Caleb Racey Webteam ISS. Shibboleth experiences. Program Background What shib has enabled Benefits of shib How to do shib. Background. IAMSECT Project - JISC funded Shib early adopter 2 year project (finished this summer) VLE focussed

damita
Download Presentation

Shibboleth at Newcastle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Shibboleth at Newcastle Caleb Racey Webteam ISS

  2. Shibboleth experiences Program • Background • What shib has enabled • Benefits of shib • How to do shib

  3. Background IAMSECT Project - JISC funded • Shib early adopter • 2 year project (finished this summer) • VLE focussed • Focus on shared medical students • Collaboration with Durham One of few practical deployment Projects

  4. What we use shib for Blogs Mailing lists Wikis Webforms Course submission VLEs Athens

  5. Blogs

  6. Blogs Ease of installation: Modify php authentication code (1 man day) Benefits: User account creation automated Login never exposed to potentially untrustworthy code

  7. Sympa mailings list

  8. Sympa Mailing lists Ease of installation: Supported out of the box, adjust config file (1 hour) Benefits: SSO Auto account creation Allows both shib and local Auth

  9. Mediawiki

  10. Mediawiki Ease of installation: Download + install “extension” tweak config file (1 hour) Benefits: SSO User accounts creation automated Login never exposed to potentially untrustworthy code

  11. Access controlled websites

  12. Quick easy Access Control Ease of installation: .htaccess file by users (5 mins) Benefits: Web developers don’t need to understand complexities of secure login Auto population of info fields (email addresses etc)

  13. Coursework.cs

  14. Coursework.cs Ease of installation: Install shib + configure server Work out how best to do WAYF Benefits: Federated service now possible, Durham students can now use.

  15. Medical VLE

  16. Medical VLE Ease of installation: Hard (Zope based) fast_cgi complex difficult user base Large legacy Benefits: SSO Roadmap away from legacy Reduced admin

  17. Athens

  18. Athens

  19. Athens Ease of installation: Hard (at the time) : - easy now? working out how to join multiple feds SSL cert incompatibility worries- now gone Benefits: SSO Reduced Admin overhead

  20. What shib is not used for Blackboard in Newcastle • Blackboard shib support is UNIX based • Windows possible (but not out of the box) • Durham have test UNIX install

  21. Benefits of shib International takeup = defacto standard “out of the box” shibd apps available. One web login technology to support Less SysAdmin effort Less documentation Less user education Less burden on web developers, don’t need to understand: How to do secure login How / Where to get user data

  22. How to install Very brief overview of steps Prerequisites IdP SP Timescales See http://iamsect.ncl.ac.uk for details

  23. How to install: prerequisites Prerequisites: Identify suitable password store e.g. Active Directory Learn how to do https SSL certs, certificate Authorities Deploy WebISO or simple sign on e.g. Pubcookie, CAS, Mod_auth_Ldap

  24. How to install: shib IdP Install and configure the software: • not that hard (anymore) • Java based (java skills not needed) • Follow guide • tweak xml config files Difficult bits: • SSL certs (global sign or Thawte) • Identify institutional data stores

  25. How to Install: shib SP Linux + Apache: Prerolled RPMs= install + tweak config file (couple of hours) Windows + IIS: MSI installer= install+tweak config file (couple of hours) Java, Python, Ruby, Perl or cgi: Stick behind linux + apache, Install + configure connector (mod_jk, fast_cgi) (couple of days)

  26. Where to get help • https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/WebHome • http://iamsect.ncl.ac.uk • http://shib.kuleuven.be/ • http://www.switch.ch/aai/

  27. Questions?

More Related