Upgrade to Pro — share decks privately, control downloads, hide ads and more …

EduCloud Auth (SSO) status

EduCloud Alliance
March 03, 2015
Technology
0
210

EduCloud Auth (SSO) status

Henri Mikkonen (CSC)

EduCloud Alliance

March 03, 2015
Tweet

More Decks by EduCloud Alliance

See All by EduCloud Alliance
EduCloud Alliance – Standardising digital learning resource market
educloudalliance
0
250
EduCloud Auth (SSO) status 17-3-2015
educloudalliance
0
140
Pilviympäristöt koulussa 2016
educloudalliance
0
230
EduCloud palvelukokonaisuus
educloudalliance
0
140
EduCloud - Estonia-Finland Business Dev meeting 26.11.2014
educloudalliance
0
280
Julkinen ja yksityinen sektori yhteistyössä yli rajojen
educloudalliance
0
110
Suomen eOppimisen neuvottelukunnan tilaisuus Espoossa
educloudalliance
0
170
EduCloud - Estonia Business Dev meeting 19.9.2014
educloudalliance
0
170
Pedagoginen tietohallinto -seminaarin esitys
educloudalliance
0
150

Other Decks in Technology

See All in Technology
[Keynote] Production is like ultra running: brutal, ungrateful, but worth every step
colinfay
0
110
生成AIで文化を創造する(ChatGPT作成タイトル)
sbtechnight
PRO
0
350
Kafka Consumers at Naver
dongjin
0
180
Pwning Old WebKit for Fun and Profit
hhc0null
0
320
Wrangler って何だ?-ちょっとよく分からないのでCloudflareのCLIツールを深掘りしてみる-
kentosuzuki
0
130
Oracle Exadata Database Service on [email protected] ([email protected]) - UI スクリーン・キャプチャ集
oracle4engineer
PRO
0
280
エンジニアのためのドキュメントライティング / Docs for Developers
iwashi86
20
6.2k
権威DNSサービスへのDDoSと
ハイパフォーマンスなベンチマーカ / DNS Pseudo random subdomain attack and High performance Benchmarker
kazeburo
3
810
S3からBigQueryへ閉域ネットワーク経由でデータ転送する方法
sbtechnight
PRO
0
340
CSS-in-JS は本当にもうだめなのか?
you5805
1
1.6k
CloudFront + S3環境から Cloudflare R2 + Workers環境に移行した話
teckl
3
1.2k
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
24k

Featured

See All Featured
Build your cross-platform service in a week with App Engine
jlugia
221
17k
Making the Leap to Tech Lead
cromwellryan
117
7.7k
How to Ace a Technical Interview
jacobian
270
22k
Thoughts on Productivity
jonyablonski
50
2.8k
Support Driven Design
roundedbygravity
88
8.9k
Making Projects Easy
brettharned
102
4.9k
It's Worth the Effort
3n
177
26k
Fireside Chat
paigeccino
16
2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
2
460
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Building Applications with DynamoDB
mza
86
5k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k

Transcript

  1. EduCloud Auth – Status 3.3.2015

    View Slide

  2. Contents
    Architecture (recap from Tallinn)
    Proxy IdP
    Authentication Selector Service
    2

    View Slide

  3. 3

    View Slide

  4. 4

    View Slide

  5. Proxy IdP
    Initially a new authentication provider for the existing
    EduCloud SSO pilot-instance, later will replace it
    – Up to the production operator to decide between one “big” proxy or a
    set of proxies (e.g. social proxy, strong authn proxy, etc)
    Developed by CSC, running in Pouta cloud
    Based on Shibboleth open source software
    – Co-operation with the Finnish Population Register Centre’s national
    proxy implementation project
    5

    View Slide

  6. 6
    Authentication
    Providers
    Service
    Providers
    Proxy IdP
    1. Authn ID calculation
    2. Oppija ID resolution
    Opintopolku
    Stores links between
    Authn ID and Oppija ID
    SAML: Static User ID
    SAML: Oppija ID
    REST: Resolve Oppija ID for Authn ID

    View Slide

  7. Proxy IdP – Action points
    Authentication ID –calculation algorithm
    – Input: static user ID from the authentication provider
    – Output: privacy-preserving authentication ID (will be stored to the
    Opintopolku system)
    SAML profile definition
    – “global” role attributes, IdP and SP connections, authentication levels
    Opintopolku connection
    Back-channel API
    – SAML AttributeQuery (SOAP) vs. new REST API
    7

    View Slide

  8. Authentication Selector Service
    Needed for linking the existing student ID (oppija ID) to
    a user-selected authentication method
    – Invitator: e.g. teacher, secretary
    – Invitee: student, who can select his preferred authentication method
    Specification for the first version has been done
    – Web UI, supporting invitation via email or “live”
    Back-channel API will be developed later, if needed
    – Invitator & invitee authentication via IdP proxy (SAML)
    – https://github.com/educloudalliance/educloud-sso/wiki/Authn-Selector-Service
    8

    View Slide

  9. 9

    View Slide