Unicon IAM Update
CAS, Shibboleth, Grouper
09 July 2015
Jonathan Johnson • Misagh Moayyed • David Langenberg
Audio is via Adobe Connect.
There is no phone dial-in.
Welcome to this briefing
• Updates on CAS, Shibboleth and Grouper
• Unicon contributions to CAS, Shibboleth and Grouper
• Unicon's Open Source Support
• Q&A
Misagh Moayyed
• IAM, Shibboleth, CAS, uPortal
• Unicon’s Open Source Support for CAS technical lead
Jonathan (JJ) Johnson
• IAM, Shibboleth, CAS, Grouper
David Langenberg
• Grouper Developer, Internet2
• Shibboleth Trainer, InCommon LLC
• IAM Architect, University of Chicago
Observations and Highlights
Past Events
• Internet2 Global Summit: 26-30 Apr 2015 Washington D.C.
• Educause Security Professionals Conf: 4-6 May Minneapolis, MN
• Open Apereo: 31 May-4 June Baltimore, MD
Upcoming Events
• InCommon Shibboleth Workshop: 17-18 Sept 2015 Cupertino, CA
• Internet2 2015 Technology Exchange: 4-7 Oct 2015 Cleveland, OH
• InCommon Shibboleth Workshop: 19-20 Oct 2015 Arlington, TX
Community Highlights
IAM Trends
• MFA for Shibboleth, MFA for CAS, etc
  ○ Device/Location aware features
  ○ Risk-based AuthN
• O365/ADFS Integration with CAS/Shibboleth
• Grouper and Provisioning
Highlights About CAS
CAS Server Versions
● CAS Server v3.6.0 / v4.0.2 (12 Jun 2015)
  ■ OAuth/OpenID bug fixes
  ■ Localization and UI improvements
  ■ Protocol URL/Parameter sanitizations
● CAS Server v4.0.3 (early next week)
  ■ Security filter upgrade
  ■ LDAP/LPPE bug fixes
  ■ Localization/UTF-8 improvements
● CAS Server v4.1.0 (In development)
CAS 4.1 – Goodies
https://youtu.be/P_GTXEAt5oU
● JSON Service Registry / RBAC
● Better Management Interface
● SLO/Logo/Logout url per application
● Password/PGT as attributes
● Many more...
CAS Server Security Filter
https://github.com/Jasig/cas-server-security-filter
• Suitable for patching in place deployments that are vulnerable to CAS-protocol-input attacks.
• v2.0.3 released 3-Jul-2015.
CAS NextGen
https://wiki.jasig.org/display/CAS/CAS+4.2+Roadmap
● SAML SP / ADFS Proxy Support
● Better MFA Support
● SSO Sessions Dashboard
● Surrogate AuthN
● More…
Highlights About Shibboleth
Shibboleth Versions
• Latest versions:
  • IdP v3.1.2 (1 Jul 2015)
  • SP v2.5.4 (19 Mar 2015)
• New adopters are encouraged to use v3
• Current deployers to explore upgrades
Shibboleth 2.x Lifetime
• IdP v2.4.4 was released 25 Feb 2015, to address security issue; OpenSAML-J was also updated
• IdP v2.4 end of life timeline (assuming you haven’t upgraded):
  • Dec 31, 2015: Plan to upgrade
  • Feb 29, 2016: Done with upgrade
  • Mar 31, 2016: Really done with upgrade
  • July 31, 2016: IdP 2.x full EOL
Multi-Context Broker
● Analysis of Shib IdPv3 and MCB:
https://wiki.shibboleth.net/confluence/x/EoEEAQ
● Believed to be generally un-needed in IdP v3; waiting for general guidance to be released.
IdP: OpenID Connect
https://github.com/uchicago/shibboleth-oidc
● Community-effort to support OIDC protocol
● Sponsored by University of Chicago
● Developed by Unicon
Highlights About Grouper
Grouper v2.2.1
http://goo.gl/5LrGAR
• Released 10 Nov 2014.
• 36 patches available (21 since last briefing):
• Selective PSP provisioning
• Better UTF-8 character support
• Lots of bug fixes
http://software.internet2.edu/grouper/release/2.2.1/patches/
Highlights About Unicon
Participation in CAS, Shibboleth and Grouper
Open Source Support
• Support OSS as adopted by the community
• Collaboration with community and subscribers
• “Act in the best interest of the subscribers, the community, and the project”
CAS-related progress
CAS 4.X Enhancements
• JSON Service Registry
• Rest API improvements
• SSO Sessions / AUP workflows
• LDAP/LPPE bug fixes
• ...
Other/Ongoing work
• CAS WS-Fed module for CAS 4.0
https://github.com/Unicon/cas-adfs-integration
• Allow a principal to authN as another
https://github.com/UniconLabs/cas-surrogate-principal
• Java CAS client: regex in proxy chains
https://github.com/Jasig/java-cas-client
CAS Addons
3.5.X: https://github.com/Unicon/cas-addons
4.X: https://github.com/unicon-cas-addons
• 3.15 and 3.16 released since last webinar
• 4.x compatible versions are available as individual libraries instead of a monolithic library.
• HazelcastTicketRegistry updated in April.
CAS MFA
https://github.com/Unicon/cas-mfa
• MFA Support based on CAS 3.5/3.6
• CAS proxying/Clearpass support
• Trigger MFA via list/group membership.
Shibboleth-related progress
Shib-CAS AuthN v3
https://github.com/Unicon/shib-cas-authn3
• v3.0.0
• Shibboleth IdP v3.X support
• Fixed encoding on entityId/service parameters.
• v2.0.5 should be used with IdP 2.4.x
Other/Ongoing work
• Hazelcast Session Storage
https://github.com/UniconLabs/shib-hazelcast-storage-service
• Duo Support for IdP v3
https://github.com/Unicon/shib-mfa-duo-auth
• IdP v3 powered by Docker
https://github.com/jtgasper3/docker-shibboleth-idp
Grouper-related progress
Grouper-related
• Grouper Bugs:
  ○ GRP-1137: Group copy issue related to hooks (reported and fixed by devs)
  ○ GRP-1139: Grouper API reports non-fatal issues when multiple hook classes are specified (reported and fixed by Unicon)
• Grouper-Demo for Docker:
https://registry.hub.docker.com/u/unicon/grouper-demo
• Grouper ESB AMQP Publisher
https://github.com/Unicon/grouper-amqp-esb-publisher
Next Steps
What we do
• Collaborate to maintain current stable recommended releases
• Work towards next releases
• Explore extensions and opportunities
• Responsive to inputs from subscriber experiences
• Feedback is especially welcome!
• Learn from providing support
• Empathize with your needs and projects
Questions / Discussion
• Misagh Moayyed, Support for CAS Technical Lead, mmoayyed@unicon.net
• Jonathan (Jj) Johnson, jj@unicon.net
• David Langenberg, dlangenberg@unicon.net

Unicon July 2015 IAM Briefing


Editor's notes

  1. Unicon's CAS strategy
     * Participate directly in CAS
     * Develop open source software on behalf of clients
     * Inform maintenance development through support

     You have to source your support somewhere
     * In-house staff
     * Goodwill and engagement of the community
     * Commercial partner (e.g., Unicon)
     * (Reality: Often combination of these)

     Unicon's "Cooperative" Support
     * Cooperates with you, your staff, the community
     * Support experiences yield improved public documentation
     * Support-inspired and subscriber-needs-guided open source maintenance development
       ** Directly in and available for adoption with the Jasig CAS software

     Thank you to our support subscribers!
     * Support subscriptions make Unicon maintenance development possible
     * Support experiences and subscriber input guide Unicon maintenance development towards the worthwhile