http://iamsect.ncl.ac.uk/ Introduction to Shibboleth and the IAMSECT Project
Apr 01, 2015
http://iamsect.ncl.ac.uk/
Introduction to Shibboleth and the IAMSECT Project
2
http://iamsect.ncl.ac.uk/
What is Shibboleth?
• Authentication management
• Authorisation management
• (Open Source) Software
• A decentralised, key-based trust model
• Web-based
3
http://iamsect.ncl.ac.uk/
Overview
• Users and Services, now• Users and Services, with Shibboleth• ID Providers• The IAMSECT Project
• Demonstration #1 - Shibboleth & BB• Demonstration #2 – BIOSIS (live)• Questions
4
http://iamsect.ncl.ac.uk/
Users and Services - now
• Many username & password pairs
• Tools to manage them• Means of Coping
• Managing user lists• ‘remote users’• Keeping up-to-date
Users Services
•Confidentiality•Security
5
http://iamsect.ncl.ac.uk/
User and Services - Shibboleth
• One Home institution• One username and
password
• No user lists• Federations
Users Services
How?
6
http://iamsect.ncl.ac.uk/
Identity Providers
• Assert someone’s identity
• You want your users to access remote services• Only worry about your own users
7
http://iamsect.ncl.ac.uk/
Federations
• Groups of Identity & Service Providers
• A set of agreed policies
• Mutual trust (via symmetric keys)
8
http://iamsect.ncl.ac.uk/
IAMSECT
• Inter-institutional Authorisation Management to Support eLearning with reference to Clinical Teaching
9
http://iamsect.ncl.ac.uk/
IAMSECT
• JISC funded
• Collaboration between Durham, Northumbria, Newcastle
• Shibboleth isn’t trivial
• Technical issues
• Managerial issues
• Confidentiality - Clinical Teaching
10
http://iamsect.ncl.ac.uk/
Demonstration #1 (theoretical)
• At present, theoretical
• Durham Blackboard (Service Provider)• Newcastle login (Identity Provider)
11
http://iamsect.ncl.ac.uk/
Demonstration #1
12
http://iamsect.ncl.ac.uk/
User attempts to access Service
13
http://iamsect.ncl.ac.uk/
http://duo.dur.ac.uk/
14
http://iamsect.ncl.ac.uk/
User redirected to ‘WAYF’
15
http://iamsect.ncl.ac.uk/
https://wayf.sdss.ac.uk/shibboleth-wayf/...
16
http://iamsect.ncl.ac.uk/
User selects their Identity Provider
17
http://iamsect.ncl.ac.uk/
https://weblogin.ncl.ac.uk/cgi-bin/index.cgi
18
http://iamsect.ncl.ac.uk/
I.P. authenticates User
Active Directory
19
http://iamsect.ncl.ac.uk/
User redirected back to Service
Active Directory
20
http://iamsect.ncl.ac.uk/
https://shib.ncl.ac.uk/shibboleth/HS?...
21
http://iamsect.ncl.ac.uk/
User accesses Service
Active Directory
22
http://iamsect.ncl.ac.uk/
http://duo.dur.ac.uk/
23
http://iamsect.ncl.ac.uk/
Demonstration #2 (live)
• EDINA BIOSIS e-journal Service
• SDSS federation WAYF
• Newcastle Identity Provider
24
http://iamsect.ncl.ac.uk/
Questions