1 / 17

Shibboleth

Shibboleth. The technology behind UCTrust A Federated Single Sign-on Software Open Source; developed by Internet2 Allows selective release of user information, based on home institution’s data release policy. Single Sign-On. Allows access to protected online resources

zarek
Download Presentation

Shibboleth

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Shibboleth • The technology behind UCTrust • A Federated Single Sign-onSoftware • Open Source; developed by Internet2 • Allows selective release of user information, based on home institution’s data release policy

  2. Single Sign-On • Allows access to protected online resources • Users logs in only once • Reduced administration • Increased Security

  3. Federated • Single Sign-On across institutions • User logs in using her home institution’s login ID to outside resources • Federation helps with coordinating policy and practices among participants • UC Trust

  4. Service Provider The “client” side Lives on your web server Handles authentication and access requests for your web server Modules available for Apache and IIS. Shibboleth Components SP

  5. Identity Provider The “Server” side Typically one per campus Responds to SP requests Logs in users Answer attribute query requests Shibboleth Components IdP

  6. “Where Are You From” Location Discover Service in Shibboleth 2.0 Lets user choose his/her home organization Shibboleth Components WAYF

  7. Associate Professor in Linguistics Bob needs to make travel arrangements for his upcoming conference Shibboleth in Action Bob

  8. Shibboleth in Action WebApp 1 SP web server 1 Bob visits the UC Travel Portal. IdP

  9. Shibboleth in Action WebApp 1 SP 2 web server 2 Bob isn’t logged in. The SP intercepts the request and redirects Bob to a campus IdP to login. IdP

  10. Shibboleth in Action WAYF WebApp 3 1 SP 2 web server 3 Oops! We don’t know where Bob’s from. SP sends Bob to WAYF so Bob can choose tell us who is his home campus. IdP

  11. Shibboleth in Action WAYF WebApp 4 3 1 SP 2 web server 4 Bob picks his campus. Now we can go to his home IdP. IdP

  12. Shibboleth in Action WAYF WebApp 4 3 1 SP 2 web server 5 5 Bob logs in at his home campus’s IdP. IdP

  13. Shibboleth in Action WAYF WebApp 4 3 1 SP 2 web server 6 5 6 6 The IdP process’s the login attempt. If successful, it sends Bob, along with information about Bob, back to the SP. IdP

  14. Shibboleth in Action WAYF WebApp 7 4 3 1 SP 2 web server 6 5 6 7 SP now has proof that Bob has successfully logged in. It forwards Bobs request onto the Travel Portal. IdP

  15. Shibboleth in Action WAYF WebApp 7 4 3 1 SP 2 web server 6 5 6 IdP

  16. Shibboleth Homehttp://shibboleth.internet2.eduIAMUCLAhttps://spaces.ais.ucla.edu/iamucla Shibboleth Connector for Confluence http://confluence.atlassian.com/display/CONFEXT/Shibboleth+Authenticator+for+Confluence TestShib http://www.testshib.org

  17. Installing a SP Demonstration

More Related