Barry Johnson hbj@clemson.edu
Campuses New to Shibboleth: WebSSO
Who is this guy?
• 18 years with Clemson IT
• Director of Services Engineering
• Developer and Sysadmin at heart
• Creator of Clemson’s current WebSSO system
"We aren't doing science here, we're just trying to get people logged on" - Mike Marshall
Overview
• Why use Shib?
• How does it work?
• Getting Started
• Installation
• The Experience
• Info for Developers
Why use Shib for SSO?
• Multi-platform
• Built on proven technologies
• An enabler for secure collaboration
What do I need to get started?
• A solid identity store for Authentication
  • LDAP
  • SQL
  • A good API
• Server Resources for the IDP
• Good Sysadmins
  • Apache, Tomcat, IIS, XML, PKI
Installation
• IDP – Identity Provider
• SP – Service Provider
Installation: IDP
• Install Apache
• Install Tomcat
• Front IDP with Apache and delegate authentication to Apache
• Configure trust
  • idp.xml, arp.xml, etc...
• https://spaces.internet2.edu/display/SHIB/InstallingShibboleth
Installation: SP
• LAMP: Apache module and a daemon
• IIS: ISAPI module and service
• Configure trust
  • shibboleth.xml, aap.xml, etc...
• https://spaces.internet2.edu/display/SHIB/InstallingShibboleth
Shib: The Experience
• Users
  • They may thank you, or they may not even notice
• Developers
  • If they already delegate authentication to the server, they may not notice either
  • If they currently handle authentication themselves, they may love or hate you.
• Security & Sysadmins
  • They'll thank you later
Developers
• Who is logged in?
• User information is in the headers
  • PHP: $_SERVER['REMOTE_USER']
  • ASP: Request.ServerVariables("REMOTE_USER")
  • JSP: request.getHeader("REMOTE_USER")
  • Perl: $ENV{"REMOTE_USER"}
• http://shib.kuleuven.be/download/sp/test_scripts/
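
One way an application can read the logged-in user while refusing look-alike headers sent by the client, shown as an added example that is not part of the original slides. It assumes a Python WSGI application behind the SP with the login name exported as REMOTE_USER; the function names and sample requests are constructed for illustration.

```python
# Added example (not from the slides): a WSGI app behind the Shibboleth SP.
# Assumption: the web server module exports the login name as REMOTE_USER.
from wsgiref.util import setup_testing_defaults

# Client-sent headers reach WSGI as HTTP_* keys; "Remote-User" and
# "Remote_User" both become HTTP_REMOTE_USER, never REMOTE_USER itself.
SPOOFABLE = ("HTTP_REMOTE_USER",)


def authenticated_user(environ):
    """Return the server-asserted login name, or None if nobody is logged in."""
    user = (environ.get("REMOTE_USER") or "").strip()
    return user or None


def spoofed_identity_headers(environ):
    """List client-supplied headers that imitate the identity variable."""
    return [key for key in SPOOFABLE if key in environ]


def app(environ, start_response):
    """Greet the logged-in user; refuse anything that looks forged."""
    if spoofed_identity_headers(environ):
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"identity header supplied by client\n"]
    user = authenticated_user(environ)
    if user is None:
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"no authenticated user\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello %s\n" % user).encode("utf-8")]


def call(extra):
    """Run app() on a constructed request and return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(extra)
    seen = []
    body = b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0], body


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(call({"REMOTE_USER": "jdoe"}))
    print(call({"HTTP_REMOTE_USER": "admin"}))
    print(call({}))
```
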
Again, why Shib?
• So much more than WebSSO
• Enabler for secure collaboration
  • sharing web resources beyond your institution
• Tool for implementing privacy policies
  • clearing house for user attributes
• Tool for role-based authorization
  • enables fine-grained control based on user attributes
Learn more
• Come to our next session: June 26 Tuesday 10:15-11:30
  • Campuses New to Shibboleth: Attribute Delivery
• On-line resources: http://shibboleth.internet2.edu