Top Banner
http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project
24

Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

Apr 01, 2015

Download

Documents

Raegan Bardell
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

http://iamsect.ncl.ac.uk/

Introduction to Shibboleth and the IAMSECT Project

Page 2: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

2

http://iamsect.ncl.ac.uk/

What is Shibboleth?

• Authentication management

• Authorisation management

• (Open Source) Software

• A decentralised, key-based trust model

• Web-based

Page 3: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

3

http://iamsect.ncl.ac.uk/

Overview

• Users and Services, now• Users and Services, with Shibboleth• ID Providers• The IAMSECT Project

• Demonstration #1 - Shibboleth & BB• Demonstration #2 – BIOSIS (live)• Questions

Page 4: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

4

http://iamsect.ncl.ac.uk/

Users and Services - now

• Many username & password pairs

• Tools to manage them• Means of Coping

• Managing user lists• ‘remote users’• Keeping up-to-date

Users Services

•Confidentiality•Security

Page 5: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

5

http://iamsect.ncl.ac.uk/

User and Services - Shibboleth

• One Home institution• One username and

password

• No user lists• Federations

Users Services

How?

Page 6: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

6

http://iamsect.ncl.ac.uk/

Identity Providers

• Assert someone’s identity

• You want your users to access remote services• Only worry about your own users

Page 7: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

7

http://iamsect.ncl.ac.uk/

Federations

• Groups of Identity & Service Providers

• A set of agreed policies

• Mutual trust (via symmetric keys)

Page 8: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

8

http://iamsect.ncl.ac.uk/

IAMSECT

• Inter-institutional Authorisation Management to Support eLearning with reference to Clinical Teaching

Page 9: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

9

http://iamsect.ncl.ac.uk/

IAMSECT

• JISC funded

• Collaboration between Durham, Northumbria, Newcastle

• Shibboleth isn’t trivial

• Technical issues

• Managerial issues

• Confidentiality - Clinical Teaching

Page 10: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

10

http://iamsect.ncl.ac.uk/

Demonstration #1 (theoretical)

• At present, theoretical

• Durham Blackboard (Service Provider)• Newcastle login (Identity Provider)

Page 11: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

11

http://iamsect.ncl.ac.uk/

Demonstration #1

Page 12: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

12

http://iamsect.ncl.ac.uk/

User attempts to access Service

Page 13: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

13

http://iamsect.ncl.ac.uk/

http://duo.dur.ac.uk/

Page 14: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

14

http://iamsect.ncl.ac.uk/

User redirected to ‘WAYF’

Page 15: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

15

http://iamsect.ncl.ac.uk/

https://wayf.sdss.ac.uk/shibboleth-wayf/...

Page 16: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

16

http://iamsect.ncl.ac.uk/

User selects their Identity Provider

Page 17: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

17

http://iamsect.ncl.ac.uk/

https://weblogin.ncl.ac.uk/cgi-bin/index.cgi

Page 18: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

18

http://iamsect.ncl.ac.uk/

I.P. authenticates User

Active Directory

Page 19: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

19

http://iamsect.ncl.ac.uk/

User redirected back to Service

Active Directory

Page 20: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

20

http://iamsect.ncl.ac.uk/

https://shib.ncl.ac.uk/shibboleth/HS?...

Page 21: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

21

http://iamsect.ncl.ac.uk/

User accesses Service

Active Directory

Page 22: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

22

http://iamsect.ncl.ac.uk/

http://duo.dur.ac.uk/

Page 23: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

23

http://iamsect.ncl.ac.uk/

Demonstration #2 (live)

• EDINA BIOSIS e-journal Service

• SDSS federation WAYF

• Newcastle Identity Provider

Page 24: Http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project.

24

http://iamsect.ncl.ac.uk/

Questions