
Shibboleth Penn State Case Study

Shibboleth Penn State Case Study. Renée Shuey, Senior Systems Engineer, ITS – Emerging Technologies, October 13, 2003. Penn State/NC State Pilot. Summer 2002: ~20 students, 2 weeks, 1 course. Fall 2002: ~200 students, 3 courses. Spring 2003: ~1800 students. Successful login: 63,026


Presentation Transcript


  1. Shibboleth Penn State Case Study
     Renée Shuey, Senior Systems Engineer, ITS – Emerging Technologies
     October 13, 2003

  2. Penn State/NC State Pilot
     • Summer 2002
       • ~20 students, 2 weeks, 1 course
     • Fall 2002
       • ~200 students
       • 3 courses
     • Spring 2003
       • ~1800 students
       • Successful login: 63,026
       • All courses

  3. Penn State/NC State Pilot
     • Hardware: Dell PowerEdge 1650, Dual 1.2 GHz Pentium III, 1 GB RAM, 30 GB HD, Intel 82544EI Gigabit Ethernet Controller
     • Software: RedHat Linux 9, Apache 1.3.27, Tomcat 4.1.24, Sun Java 1.4.1_03, Shibboleth Origin 1.0

  4. Pilot to Production
     • Agree on attributes/formats for WebAssign
       • eduPersonEntitlement, eduPersonAffiliation, eduPersonPrincipalName, Common Name
       • Ex. URN:PSU.EDU:COURSE:UP:PHYS211L:002
     • Upgrade to RedHat 9.0
     • Upgrade to Shibboleth 1.1
     • Configure the Attribute Release Policy (ARP) to release attributes to webassign.net

  5. Pilot to Production
     • Update LDAP eduPersonEntitlement with course/section/campus location
     • Share keystore for pilot and production servers until InCommon is production ready
     • Create regular expression for multi-value attributes in the ARP
     • Join InCommon
     • WebAssign dynamic update

  6. Production Environment
     • Hardware: IBM BladeCenter w/ 2-way 2.4 GHz Intel w/ 2.5 GB memory
     • Software: RedHat Linux 9.0, Apache 1.3.28, Tomcat 4.1.24, Sun Java 1.4.1_03, Shibboleth Origin 1.1

  7.
                …<Requester>www.webassign.net</Requester>
                <AnyResource/>
            </Target>
            <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
                <AnyValue release="permit"/>
            </Attribute>
            <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
                <AnyValue release="permit"/>
            </Attribute>
            <Attribute name="urn:mace:dir:attribute-def:cn">
                <AnyValue release="permit"/>
            </Attribute>
        </Rule>
     </AttributeReleasePolicy>

  8.
     <Attribute xmlns:typens="urn:mace:shibboleth:1.0"
                AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement"
                AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
         <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:type="typens:AttributeValueType">
             URN:PSU.EDU:COURSE:UP:PHYS211L:002
         </AttributeValue>
         <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:type="typens:AttributeValueType">
             URN:PSU.EDU:COURSE:UP:PHYS211R:030
         </AttributeValue>
     </Attribute>
     <Attribute xmlns:typens="urn:mace:shibboleth:1.0"
                AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
                AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
         <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         Scope="psu.edu" xsi:type="typens:AttributeValueType">
             member
         </AttributeValue>

  9. What’s Next?
     • Investigate Shibboleth Meteor Gateway
     • Use Shibboleth to access PHEAA from student web applications
     • Investigate Shibboleth for non-Web applications such as LionShare (P2P)
     • Continue to pilot with Library vendors
     • Incorporate University of Michigan’s Cosign (WebISO) with our origin site
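
Slide 5 mentions a regular expression for multi-value attributes in the ARP, while the policy on slide 7 releases every eduPersonEntitlement value to www.webassign.net. The following is an added example, not code from the presentation or from Shibboleth: a small Python model of per-requester, per-value attribute release with default deny. The `ARP` structure, the `COURSE_URN` pattern, the function names and the sample user are all assumptions made for illustration.

```python
import re

PREFIX = "urn:mace:dir:attribute-def:"
# Assumed shape of the course entitlement, inferred only from the two
# sample values shown on the slides.
COURSE_URN = re.compile(r"URN:PSU\.EDU:COURSE:[A-Z]{2}:[A-Z]+\d+[A-Z]?:\d{3}")

# Hypothetical in-memory model of an ARP, not Shibboleth's schema or code.
# None means "any value" (the slide's AnyValue permit); a pattern is a
# value-level filter applied to each value of a multi-valued attribute.
ARP = {
    "www.webassign.net": {
        PREFIX + "eduPersonPrincipalName": None,
        PREFIX + "cn": None,
        PREFIX + "eduPersonEntitlement": COURSE_URN,
    },
}

def release(requester, user_attrs, arp=ARP):
    """Return the attribute values the policy permits for this requester.

    Default deny: unknown requesters and unlisted attributes get nothing.
    """
    released = {}
    for name, pattern in arp.get(requester, {}).items():
        values = user_attrs.get(name, [])
        if pattern is not None:
            values = [v for v in values if pattern.fullmatch(v)]
        if values:
            released[name] = list(values)
    return released

def unfiltered(arp=ARP):
    """List (requester, attribute) pairs released with no value filter."""
    return sorted((r, a) for r, attrs in arp.items()
                  for a, p in attrs.items() if p is None)

# Constructed sample directory entry; not real user data.
USER = {
    PREFIX + "eduPersonPrincipalName": ["student1@psu.edu"],
    PREFIX + "cn": ["Sample Student"],
    PREFIX + "eduPersonEntitlement": [
        "URN:PSU.EDU:COURSE:UP:PHYS211L:002",
        "URN:PSU.EDU:COURSE:UP:PHYS211R:030",
        "urn:example:entitlement:library-staff",  # constructed non-course value
    ],
    PREFIX + "eduPersonScopedAffiliation": ["member@psu.edu"],
}

if __name__ == "__main__":
    for name, values in release("www.webassign.net", USER).items():
        print(name, values)
```

With the value filter in place, the constructed non-course entitlement and the unlisted scoped affiliation stay at the origin, and `unfiltered()` gives a quick list of attributes still released with any value.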
