Shibboleth
• The technology behind UCTrust
• A federated single sign-on software
• Open source; developed by Internet2
• Allows selective release of user information, based on the home institution’s data release policy

Single Sign-On
• Allows access to protected online resources
• User logs in only once
• Reduced administration
• Increased security

Federated
• Single sign-on across institutions
• User logs in to outside resources using her home institution’s login ID
• Federation helps with coordinating policy and practices among participants
• UC Trust

Shibboleth Components: Service Provider (SP)
• The “client” side
• Lives on your web server
• Handles authentication and access requests for your web server
• Modules available for Apache and IIS

Shibboleth Components: Identity Provider (IdP)
• The “server” side
• Typically one per campus
• Responds to SP requests
• Logs in users
• Answers attribute query requests

Shibboleth Components: WAYF
• “Where Are You From”
• Location Discovery Service in Shibboleth 2.0
• Lets the user choose his/her home organization

Shibboleth in Action: Bob
• Associate Professor in Linguistics
• Bob needs to make travel arrangements for his upcoming conference

Shibboleth in Action (components: WebApp, SP on the web server, WAYF, IdP)
1. Bob visits the UC Travel Portal.
2. Bob isn’t logged in. The SP intercepts the request and redirects Bob to a campus IdP to log in.
3. Oops! We don’t know where Bob’s from. The SP sends Bob to the WAYF so Bob can tell us which is his home campus.
4. Bob picks his campus. Now we can go to his home IdP.
5. Bob logs in at his home campus’s IdP.
6. The IdP processes the login attempt. If successful, it sends Bob, along with information about Bob, back to the SP.
7. The SP now has proof that Bob has successfully logged in. It forwards Bob’s request on to the Travel Portal.

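The seven steps above as a small model, added here as an example (it is not part of the original slides and is not Shibboleth code). It shows the SP's redirect decisions, the IdP releasing only the attributes its policy allows for that SP, and the SP accepting the login only after checking issuer, signature and audience. Assumptions: an HMAC over JSON stands in for a signed SAML assertion, and every hostname, key, user and attribute is constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-ins: real Shibboleth uses signed SAML assertions and
# federation metadata, not a shared HMAC key. All names here are hypothetical.
FEDERATION_KEYS = {"idp.campus-a.example": b"constructed-demo-key-a"}
USERS = {"bob": {"password": "correct-horse", "affiliation": "faculty",
                 "department": "Linguistics", "employee_id": "E-0000"}}
RELEASE_POLICY = {"travel.sp.example": ["affiliation"]}  # IdP's release policy


def idp_login(idp, sp, username, password):
    """Steps 5-6: the IdP checks the login and issues an assertion for one SP."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return None
    # Selective release: only attributes the policy lists for this SP.
    released = {a: user[a] for a in RELEASE_POLICY.get(sp, [])}
    body = json.dumps({"issuer": idp, "audience": sp, "subject": username,
                       "attributes": released}, sort_keys=True)
    sig = hmac.new(FEDERATION_KEYS[idp], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def sp_handle(sp, session, chosen_idp=None, assertion=None):
    """Steps 1-4 and 7: the SP's decision for a request to the protected app."""
    if session.get("user"):
        return "ALLOW"
    if assertion is None:
        # Steps 2-3: no session; go to the IdP, or to the WAYF if it is unknown.
        return f"REDIRECT {chosen_idp}" if chosen_idp else "REDIRECT WAYF"
    claims = json.loads(assertion["body"])
    key = FEDERATION_KEYS.get(claims.get("issuer"))
    if key is None:
        return "DENY untrusted issuer"
    expected = hmac.new(key, assertion["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return "DENY bad signature"
    if claims["audience"] != sp:
        return "DENY wrong audience"  # assertion was issued for a different SP
    session.update(user=claims["subject"], attributes=claims["attributes"])
    return "ALLOW"
```
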
• Shibboleth Home: http://shibboleth.internet2.edu
• IAMUCLA: https://spaces.ais.ucla.edu/iamucla
• Shibboleth Connector for Confluence: http://confluence.atlassian.com/display/CONFEXT/Shibboleth+Authenticator+for+Confluence
• TestShib: http://www.testshib.org

Installing a SP Demonstration