Shibboleth 2.0 IdP Training: Introduction. January, 2009. Before Lunch Introduction IdP Basics and Installation After Lunch Authentication Attributes Productionalization. Federated Identity Management. Distributed identity management system
Shibboleth 2.0 IdP Training: Introduction • January, 2009
Before Lunch • Introduction • IdP Basics and Installation • After Lunch • Authentication • Attributes • Productionalization
Federated Identity Management • Distributed identity management system • Enterprises trust each other to provide information • Security/privacy protection
Shibboleth • Open source enterprise federated single sign on software • Project started in 2000, first release 2003 • Current version 2.1 • Standards based (SAML) • Widely used in education & government environments
SAML • Security Access Markup Language • XML-based standard for authentication and authorization data interchange • Identity Provider – producer of assertions • Service Provider – consumer of assertions • Current Version: 2.0 • Shibboleth 2.0 implements SAML 2.0
How it works • The user tries to access a protected application • The user tells the application where they are from • The user logs in at “home” • The user’s home tells the application about the user • The application accepts or rejects the user
Shibboleth Identity Provider (IdP) • Java Servlet application • Runs in any Java Servlet 2.4 container • Does not contain attributes or logins • Connects to authoritative sources
What uses Shibboleth? • Microsoft Dreamspark • Apple iTunesU • Elsevier ScienceDirect • ExLibris MetaLib • Google Apps • . . .lots more. . .
Federations • Trusted communities with common user bases and applications • Can provide metadata, rules, auditing, advertising of services, etc. • Not required for Shibboleth
Federation for CHECO • TBD