Identity Management Overview
CAS and Shibboleth

Andrew Petro, Unicon
John Lewis, Unicon
Adam Dolby, VASCO
15 December 2009

Copyright Unicon, Inc., 2009. Some Rights Reserved.
This work is licensed under a Creative Commons Attribution NonCommercial Share Alike
3.0 United States License.
http://creativecommons.org/licenses/by-nc-sa/3.0/us/
Some content drawn from prior presentations at Jasig conferences.
About Unicon

IT Consulting Services for Education, Specializing in Open Source

IT Consulting Services
• Technology Delivery and Support
• Systems Integration
• Software Engineering

Open Source Technology Solutions
• Enterprise Portal
• Identity Management
• Learning Management
• Email and Collaboration

For more information about Unicon, please visit: http://www.unicon.net
Contact us at: 480-558-2400 or info@unicon.net
Jasig CAS in 15 Minutes

Andrew Petro
Unicon, Inc.

See also http://www.unicon.net/blog/3/ten_minute_cas_intro
What is CAS?

Open source single sign-on for the Web.

Multi-Sign-On for the Web
At Least with One Username/Password?
All Applications Touch Passwords
Any Compromise Leaks Primary Credentials
Adversary Then Can Run Wild
The Solution

• What if there were only one login form in your
  organization, only one application trusted to
  touch primary credentials?
Delete Your Login Forms
Webapps No Longer Touch Passwords
Adversary Compromises Only Single Apps
Webapps No Longer Touch Passwords
Provided Authentication Handlers

• LDAP
  – Fast bind
  – Search and bind
• Active Directory
  – LDAP
  – Kerberos (JAAS)
• JAAS
• JDBC
• RADIUS
• SPNEGO
• Trusted
• X.509 certificates
• Writing a custom authentication handler is easy
What About Portals?

Need to go get interesting content from different systems.
• E-mail
• Calendar
• E-Learning
• Student Information System
Password Replay

[Diagram: the Portal holds the user's password (PW) and replays it over a channel to each Password-Protected Service, so the primary password travels to every backing service.]
Look Ma, No Password!

• Without a password to replay, how am I going to authenticate my portal to other applications?
“Proxy” CAS

• Some Web applications “proxy”
  authentication to backing services on behalf
  of the user
• “Proxied” applications/services may
  themselves proxy authentication to others
• CAS authenticates both the end user and the
  proxy
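The ticket model behind "Delete Your Login Forms" and "Proxy" CAS, as an added example (not the Jasig CAS server's code): a toy in-memory CAS server where only CAS checks the password, applications validate short-lived single-use tickets bound to their own URL, and a portal trades a proxy-granting ticket for proxy tickets so CAS vouches for both the user and the proxy. Ticket formats, the URLs and the user store are constructed for the example.

```python
"""Toy model of the CAS service-ticket and proxy-ticket flow (added example).

Not the Jasig CAS server's code: a simplified model of what the slides
describe. The CAS server is the only component that ever checks a
password; applications receive and validate short-lived, single-use
tickets bound to their own URL; a proxy such as a portal obtains proxy
tickets for backing services, and CAS records the proxy chain so that
it vouches for both the end user and the proxy. Ticket formats, URLs
and the user database are constructed for the example.
"""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Ticket:
    user: str
    service: str                 # URL the ticket was issued for
    issued: float                # issue time, seconds since the epoch
    proxies: list = field(default_factory=list)  # proxy chain, most recent first


class CasServer:
    TICKET_TTL = 10.0  # seconds; real CAS service tickets are similarly short-lived

    def __init__(self, credentials: dict):
        self._credentials = credentials   # constructed user -> password store
        self._tickets = {}                # ST/PT id -> Ticket
        self._pgts = {}                   # PGT id -> (user, proxy chain)

    def login(self, user: str, password: str, service: str) -> str:
        """The only login form: checks the password and issues a Service Ticket
        (ST) for the requesting service. The service never sees the password."""
        if self._credentials.get(user) != password:
            raise PermissionError("bad credentials")
        return self._issue("ST", user, service, [])

    def validate(self, ticket: str, service: str, pgt_url: str = None) -> dict:
        """/serviceValidate and /proxyValidate: the application presents the
        ticket with the service URL it believes it is. A ticket is consumed on
        first use, must match the service it was issued for, and must be fresh.
        An application supplying a callback URL (pgt_url) becomes a proxy and
        additionally receives a Proxy-Granting Ticket (PGT)."""
        t = self._tickets.pop(ticket, None)       # pop: single use, even on failure
        if t is None:
            raise PermissionError("unknown or already used ticket")
        if t.service != service:
            raise PermissionError("ticket was not issued for this service")
        if time.time() - t.issued > self.TICKET_TTL:
            raise PermissionError("ticket expired")
        result = {"user": t.user, "proxies": list(t.proxies)}
        if pgt_url is not None:
            pgt = "PGT-" + secrets.token_urlsafe(16)
            self._pgts[pgt] = (t.user, [pgt_url] + t.proxies)
            result["pgt"] = pgt
        return result

    def proxy(self, pgt: str, target_service: str) -> str:
        """/proxy: a proxy trades its PGT for a Proxy Ticket (PT) for one backing
        service. The PT carries the proxy chain, so CAS vouches for the proxy too."""
        if pgt not in self._pgts:
            raise PermissionError("unknown proxy-granting ticket")
        user, chain = self._pgts[pgt]
        return self._issue("PT", user, target_service, chain)

    def _issue(self, prefix: str, user: str, service: str, proxies: list) -> str:
        tid = prefix + "-" + secrets.token_urlsafe(16)
        self._tickets[tid] = Ticket(user, service, time.time(), list(proxies))
        return tid


def ticket_accepted(cas: CasServer, ticket: str, service: str) -> bool:
    """True if the ticket validates for this service, False on any rejection."""
    try:
        cas.validate(ticket, service)
        return True
    except PermissionError:
        return False


def backing_service_accepts(validation: dict, allowed_proxies: set) -> bool:
    """A CASified backing service still decides which proxies it trusts: every
    hop in the chain must be on its allow-list (an empty chain is a direct
    end-user login and is accepted)."""
    return all(p in allowed_proxies for p in validation["proxies"])


def demo():
    """Portal obtains a PT for the mail service without ever holding the password."""
    cas = CasServer({"alice": "correct horse"})          # constructed credentials
    portal = "https://portal.example.edu/"                # hypothetical URLs
    callback = "https://portal.example.edu/pgtCallback"
    mail = "https://mail.example.edu/"
    st = cas.login("alice", "correct horse", portal)      # browser -> CAS -> back to portal
    who = cas.validate(st, portal, pgt_url=callback)      # portal validates ST, gets PGT
    pt = cas.proxy(who["pgt"], mail)                      # portal gets PT for mail
    seen_by_mail = cas.validate(pt, mail)                 # mail validates PT (/proxyValidate)
    return seen_by_mail, backing_service_accepts(seen_by_mail, {callback})
```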
CAS – More than Authentication

• Return attributes of logged-on users
• Adding support for standards
  – OpenID
  – SAML
• Single Sign-Out
• RESTful API
• Support for clustering
• Services management
• Remember me (long-term SSO)
CAS Integration Libraries

• Java
• Spring Security
• PHP
• Apache Module
• ASP
• Python
• Ruby
• Drupal module
• uPortal
• Liferay
• Sakai
• TikiWiki
• ...
Unicon Services for CAS

• Implementation Planning
• Branding and User Experience
• Installation and Configuration
• Custom Development
• Consulting and Mentoring
• CASification of uPortal, Sakai, and other applications
• Upgrades

For more information, please visit
http://www.unicon.net/services/cas
Questions?




       Andrew Petro
       apetro@unicon.net
       www.unicon.net
Shibboleth &
Federated Identities
Shibboleth


    Enterprise federated identity software
    −   Based on standards (principally SAML)
    −   Extensive architectural work to integrate with existing systems
    −   Designed for deployment by communities

    Most widely used in education, government

    Broadly adopted in Europe

    2.0 release implements SAML 2
    −   Backward compatible with 1.3
Shibboleth Project


    Free & Open Source
    −   Apache 2.0 license

    Enterprise and Federation oriented

    Started 2000 with first released code in 2003

    Excellent community support
    −   http://shibboleth.internet2.edu
    −   shibboleth-announce@internet2.edu
Why Federated Identity?


    Authoritative information
    −   Users, privileges, attributes

    Improved security
    −   Fewer user accounts in the world

    Privacy when needed
    −   Fine control over attribute sharing

    Saves time & money
    −   Less work administrating users
What Is SAML?


    Security Assertion Markup Language (SAML)

    XML-based Open Standard

    Exchange authentication and authorization data between
    security domains
    −   Identity Provider (a producer of assertions)
    −   Service Provider (a consumer of assertions)

    Approved by OASIS Security Services
    −   SAML 1.0 November 2002
    −   SAML 2.0 March 2005
Major SAML Applications

    Proquest
    Project MUSE
    Thomson Gale
    Elsevier ScienceDirect
    Google Apps
    ExLibris MetaLib
    Sakai & Moodle
    uPortal
    DSpace, Fedora
    Ovid
    Microsoft DreamSpark
    Moodle, Joomla, Drupal
    JSTOR, ArtSTOR, OCLC
    Blackboard & WebCT
    WebAssign & TurnItIn
    MediaWiki / Confluence
    National Institutes of Health
    National Digital Science Library
How Federated Identity Works


    A user tries to access a protected application

    The user tells the application where it’s from

    The user logs in at home

    Home tells the application about the user

    The user is rejected or accepted
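The "home tells the application about the user" step from the Service Provider's side, serving both the "What Is SAML?" slide (IdP produces assertions, SP consumes them) and the flow above, as an added example that is not Shibboleth's code: a minimal consumer that accepts or rejects a SAML 2.0 assertion by checking a trusted Issuer (the federation's IdP list), the validity window and the audience, then extracts the attributes. It assumes XML-Signature verification has already been done by an XML-DSig library; the entity IDs and the assertion are constructed.

```python
"""Service Provider-side checks on a SAML 2.0 assertion (added example).

Not Shibboleth's code: a minimal model of the step where home tells the
application about the user and the application decides to accept or
reject. It checks what a consumer of assertions must check: a trusted
Issuer (the federation's list of IdPs), the validity window, and that
the assertion was addressed to this SP. XML-Signature verification is
assumed to have been performed by an XML-DSig library before these
checks run; entity IDs and the assertion below are constructed.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed stand-in for federation metadata: IdP entity IDs this SP trusts.
TRUSTED_IDPS = {"https://idp.home.example.edu/idp/shibboleth"}
# Constructed entity ID of this Service Provider.
SP_ENTITY_ID = "https://app.partner.example.org/shibboleth"

# Constructed assertion, as an IdP would send it after the user logged in at home.
CONSTRUCTED_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-1" Version="2.0" IssueInstant="2009-12-15T10:00:00Z">
  <saml:Issuer>https://idp.home.example.edu/idp/shibboleth</saml:Issuer>
  <saml:Subject><saml:NameID>alice@home.example.edu</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2009-12-15T09:59:00Z" NotOnOrAfter="2009-12-15T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.partner.example.org/shibboleth</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="eduPersonScopedAffiliation">
      <saml:AttributeValue>member@home.example.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def saml_time(value: str) -> datetime:
    """SAML uses UTC xsd:dateTime; the 'Z' suffix form is what IdPs emit."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consume_assertion(xml_text: str, now: str,
                      trusted_idps=TRUSTED_IDPS, sp_entity_id=SP_ENTITY_ID):
    """Return (True, {subject, attributes}) if the SP should accept the user,
    else (False, reason). `now` is the SP clock in SAML time format.
    The XML is untrusted input: production code should use a hardened
    parser (e.g. defusedxml) rather than ElementTree directly."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS["saml"]:
        return False, "not a SAML 2.0 assertion"

    # 1. Only assertions from an IdP on the federation's trusted list count.
    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer not in trusted_idps:
        return False, "untrusted issuer: %s" % issuer

    # 2. Validity window. Both attributes are optional in the SAML schema;
    #    this SP insists on an expiry and honours NotBefore when present.
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None or conditions.get("NotOnOrAfter") is None:
        return False, "missing conditions"
    clock = saml_time(now)
    not_before = conditions.get("NotBefore")
    if not_before is not None and clock < saml_time(not_before):
        return False, "outside validity window"
    if clock >= saml_time(conditions.get("NotOnOrAfter")):
        return False, "outside validity window"

    # 3. Audience: an assertion meant for another SP must not be accepted here.
    audiences = [a.text for a in
                 conditions.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if sp_entity_id not in audiences:
        return False, "assertion not addressed to this SP"

    # 4. Extract what home said about the user.
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        attributes[attr.get("Name")] = [
            v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    return True, {"subject": subject, "attributes": attributes}
```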
Role of a Federation


    Agreed upon Attribute Definitions
     −   Group, Role, Unique Identifier, Courses, …

    Criteria for IdM & IdP practices
     −   user accounts, credentialing, personal information
         stewardship, interoperability standards, technologies, ...

    Digital Certificates

    Trusted “notary” for all members

    Not needed for Federated IdM,
    but does make things even easier
InCommon Federation


    Federation for U.S. Higher Education & Research
    (and Partners)

    Over Three Million Users

    163 Organizations

    Self-organizing & Heterogeneous

    Policy Entrance bar intentionally set low

    Doesn’t impose lots of rules and standards

    http://www.incommonfederation.org/
Questions?




       John Lewis
       jlewis@unicon.net
       www.unicon.net

Identity Management Overview: CAS and Shibboleth

  • 1. Identity Management Overview CAS and Shibboleth Andrew Petro, Unicon John Lewis, Unicon Adam Dolby, VASCO 15 December 2009 Copyright Unicon, Inc., 2009. Some Rights Reserved. This work is licensed under a Creative Commons Attribution NonCommercial Share Alike 3.0 United States License. http://creativecommons.org/licenses/by-nc-sa/3.0/us/ Some content drawn from prior presentations at Jasig conferences.
  • 2. About Unicon IT Consulting Services for Education, Specializing in Open Source IT Consulting Services • Technology Delivery and Support • Systems Integration • Software Engineering Open Source Technology Solutions • Enterprise Portal • Identity Management • Learning Management • Email and Collaboration For more information about Unicon, please visit: http://www.unicon.net Contact us at: 480-558-2400 or info@unicon.net
  • 3. Jasig CAS in 15 Minutes Andrew Petro Unicon, Inc. See also http://www.unicon.net/blog/3/ten_minute_cas_intro
  • 4. What is CAS? open source single sign on for the Web
  • 6. At Least with One Username/Password?
  • 8. Any Compromise Leaks Primary Credentials
  • 10. The Solution • What if there were only one login form in your organization, only one application trusted to touch primary credentials?
  • 12. Webapps No Longer Touch Passwords
  • 15. Webapps No Longer Touch Passwords
  • 16. Provided Authentication Handlers • LDAP – Fast bind – Search and bind • Active Directory – LDAP – Kerberos (JAAS) • JAAS • JDBC • RADIUS • SPNEGO • Trusted • X.509 certificates • Writing a custom authentication handler is easy
  • 17. What About Portals? Need to go get interesting content from different systems. •E-mail •Calendar •E-Learning •Student Information System
  • 18. Password Replay (diagram: the Portal holds the user's password (PW) and each Channel replays it to its own Password-Protected Service)
  • 19. Look Ma, No Password! • Without a password to replay, how am I going to authenticate my portal to other applications?
  • 20. “Proxy” CAS • Some Web applications “proxy” authentication to backing services on behalf of the user • “Proxied” applications/services may themselves proxy authentication to others • CAS authenticates both the end user and the proxy
  • 21. CAS – More than Authentication • Return attributes of logged on users • Adding support for standards – OpenID – SAML • Single Sign-Out • RESTful API • Support for clustering • Services management • Remember me (long-term SSO)
  • 22. CAS Integration Libraries • Java • Spring Security • PHP • Apache Module • ASP • Python • Ruby • ... • Drupal module • uPortal • Liferay • Sakai • TikiWiki • ...
  • 23. Unicon Services for CAS • Implementation Planning • Branding and User Experience • Installation and Configuration • Custom Development • Consulting and Mentoring • CASification of uPortal, Sakai, and other applications • Upgrades For more information, please visit http://www.unicon.net/services/cas
  • 24. Questions? Andrew Petro apetro@unicon.net www.unicon.net
  • 26. Shibboleth • Enterprise federated identity software – Based on standards (principally SAML) – Extensive architectural work to integrate with existing systems – Designed for deployment by communities • Most widely used in education, government • Broadly adopted in Europe • 2.0 release implements SAML 2 – Backward compatible with 1.3
  • 27. Shibboleth Project • Free & Open Source – Apache 2.0 license • Enterprise and Federation oriented • Started 2000 with first released code in 2003 • Excellent community support – http://shibboleth.internet2.edu – shibboleth-announce@internet2.edu
  • 28. Why Federated Identity? • Authoritative information – Users, privileges, attributes • Improved security – Fewer user accounts in the world • Privacy when needed – Fine control over attribute sharing • Saves time & money – Less work administrating users
  • 29. What Is SAML? • Security Assertion Markup Language (SAML) • XML-based Open Standard • Exchange authentication and authorization data between security domains – Identity Provider (a producer of assertions) – Service Provider (a consumer of assertions) • Approved by OASIS Security Services – SAML 1.0 November 2002 – SAML 2.0 March 2005
  • 30. Major SAML Applications • Proquest • Microsoft DreamSpark • Project MUSE • Moodle, Joomla, Drupal • Thomson Gale • JSTOR, ArtSTOR, OCLC • Elsevier ScienceDirect • Blackboard & WebCT • Google Apps • WebAssign & TurnItIn • ExLibris MetaLib • MediaWiki / Confluence • Sakai & Moodle • uPortal • National Institutes of Health • DSpace, Fedora • National Digital Science Library • Ovid
  • 31. How Federated Identity Works • A user tries to access a protected application • The user tells the application where it’s from • The user logs in at home • Home tells the application about the user • The user is rejected or accepted
  • 33. Role of a Federation • Agreed upon Attribute Definitions – Group, Role, Unique Identifier, Courses, … • Criteria for IdM & IdP practices – user accounts, credentialing, personal information stewardship, interoperability standards, technologies, ... • Digital Certificates • Trusted “notary” for all members • Not needed for Federated IdM, but does make things even easier
  • 34. InCommon Federation • Federation for U.S. Higher Education & Research (and Partners) • Over Three Million Users • 163 Organizations • Self-organizing & Heterogeneous • Policy Entrance bar intentionally set low • Doesn’t impose lots of rules and standards • http://www.incommonfederation.org/
  • 35. Questions? John Lewis jlewis@unicon.net www.unicon.net
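A toy model of the CAS flow from slides 16 to 20 (one login form, webapps receiving tickets instead of passwords, and a portal proxying authentication to a backing calendar service), as an added example in Python; it is not code from the presentation or from Jasig CAS, its ticket handling is only loosely modelled on the real protocol, and every username, password and URL in it is constructed.

```python
import secrets

class CasServer:
    def __init__(self, users):
        self.users = users   # constructed user database: username -> password
        self.tgts = {}       # ticket-granting ticket -> user (the SSO session)
        self.tickets = {}    # service/proxy ticket -> (user, service, proxy chain)
        self.pgts = {}       # proxy-granting ticket -> (user, proxy chain)

    def login(self, user, password):
        # The only place in the organization that checks the primary credential.
        if self.users.get(user) != password:
            raise PermissionError("bad credentials")
        tgt = "TGT-" + secrets.token_hex(8)
        self.tgts[tgt] = user
        return tgt

    def service_ticket(self, tgt, service):
        # One-time ticket bound to one service URL, handed over on redirect, not a password.
        st = "ST-" + secrets.token_hex(8)
        self.tickets[st] = (self.tgts[tgt], service, ())
        return st

    def validate(self, ticket, service, pgt_url=None):
        # Consumed on first use (even a failed one) and bound to the presenting service.
        entry = self.tickets.pop(ticket, None)
        if entry is None or entry[1] != service:
            raise PermissionError("ticket not valid for " + service)
        user, _, chain = entry
        pgt = "PGT-" + secrets.token_hex(8) if pgt_url else None
        if pgt:  # the service asked to proxy on the user's behalf
            self.pgts[pgt] = (user, (pgt_url,) + chain)
        return user, chain, pgt

    def proxy(self, pgt, target):
        # The portal trades its PGT for a proxy ticket usable only at `target`.
        user, chain = self.pgts[pgt]
        pt = "PT-" + secrets.token_hex(8)
        self.tickets[pt] = (user, target, chain)
        return pt

def portal_reads_calendar(cas, user, password):
    """User logs in once; portal proxies to calendar. Returns (user, proxy chain, None)."""
    tgt = cas.login(user, password)
    st = cas.service_ticket(tgt, "https://portal.example/")
    _, _, pgt = cas.validate(st, "https://portal.example/",
                             pgt_url="https://portal.example/pgtCallback")
    pt = cas.proxy(pgt, "https://calendar.example/")
    return cas.validate(pt, "https://calendar.example/")
```

The calendar service ends up knowing the user and the chain of proxies that acted for them, but never the password, which is the point of slides 18 and 19.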
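The "rejected or accepted" step of slide 31 together with the federation's role from slide 33, as an added example that is not code from the presentation or from Shibboleth: a service provider checks an assertion against federation-distributed metadata before trusting it. An HMAC over a JSON payload stands in for the XML signature and X.509 certificate that real SAML uses; the entity IDs, signing key and attribute values are constructed.

```python
import hmac, hashlib, json, time

# Constructed federation metadata: the federation ("trusted notary") hands each
# member the entityID and signing key of every IdP it vouches for.
FEDERATION_METADATA = {
    "https://idp.university.example/idp": b"idp-signing-key-constructed",
}

def idp_issue_assertion(idp_id, key, subject, attributes, audience, ttl=300):
    """Steps 3 and 4: user logs in at home; the IdP asserts who they are to one SP."""
    now = int(time.time())
    assertion = {"issuer": idp_id, "subject": subject, "audience": audience,
                 "not_before": now - 30, "not_on_or_after": now + ttl,
                 "attributes": attributes}
    body = json.dumps(assertion, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()  # stand-in for XMLDSig
    return {"body": body, "signature": sig}

def sp_accept_assertion(message, my_entity_id, now=None):
    """Step 5: the SP accepts or rejects. Returns (subject, attributes) or raises."""
    now = int(time.time()) if now is None else now
    assertion = json.loads(message["body"])
    key = FEDERATION_METADATA.get(assertion["issuer"])
    if key is None:
        raise PermissionError("issuer is not a federation member")
    expected = hmac.new(key, message["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["signature"]):
        raise PermissionError("signature does not verify")
    if assertion["audience"] != my_entity_id:
        raise PermissionError("assertion was issued for a different service provider")
    if not (assertion["not_before"] <= now < assertion["not_on_or_after"]):
        raise PermissionError("assertion outside its validity window")
    return assertion["subject"], assertion["attributes"]
```

Each rejection branch corresponds to a check a real SP makes (issuer in metadata, signature, audience restriction, validity window); skipping any one of them lets an assertion meant for someone else, or a stale one, be accepted.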