
UF Peer2Peer: Identity Provider update, Shibboleth, and SAML

Martin Smith
April 16, 2013

Transcript

  2. Shibboleth changes
    Peer2Peer
    April 2013
    Martin Smith
    [email protected]
    www.it.ufl.edu

  3. Quick reference
    IdP - Identity Provider
    SP - Service Provider
    InC - InCommon

  4. Background statistics over last year

  5. Background statistics over last year

  6. Login page (March 2013)

  7. Other templates (March 2013)

  8. Other templates (March 2013)
    https://webservices.it.ufl.edu/
    - UF Web Templates
    - UF Shibboleth templates
    Newer service provider packages:
    - allow you to unpack these anywhere
    - have stopped shipping with 'dragonbird'
    - we recommend /ufl-shibboleth-templates

  9. Service Provider upgrade (April 2013)
    - CNS Linux infrastructure: 4/28 & 5/12
    - Simpler configuration
    - Default to better cookie settings
    - No more privileged user
    - See NativeSPConfigurationChanges on wiki.shibboleth.net
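The cookie point above is the one SP owners most often get wrong after an upgrade: the session cookie must be marked Secure and the SAML handlers must refuse plain HTTP. The following is an added example, not UF's code and not part of the Shibboleth SP: a small lint that reads a shibboleth2.xml and flags the two Sessions attributes involved, cookieProps and handlerSSL. The two config fragments it runs against are constructed (the entityIDs and hostnames are stand-ins).

```python
"""Lint the <Sessions> element of a Shibboleth SP shibboleth2.xml for weak cookie settings.

Added example, not UF's code and not part of the Shibboleth SP. The two
config fragments are constructed (entityIDs and hostnames are stand-ins).
"""
import sys
import xml.etree.ElementTree as ET

CONF = "urn:mace:shibboleth:2.0:native:sp:config"
NS = {"conf": CONF}

def session_findings(shibboleth2_xml: str) -> list:
    """Return findings about the SP's session cookie and handler transport settings."""
    root = ET.fromstring(shibboleth2_xml)
    sessions = root.find(".//conf:Sessions", NS)
    if sessions is None:
        return ["no <Sessions> element found"]
    findings = []
    props = sessions.get("cookieProps")
    # cookieProps="https" is the shorthand for a Secure session cookie; a raw
    # cookie property string must carry "secure" itself to get the same effect.
    if props is None:
        findings.append("cookieProps not set: relying on this SP build's default")
    elif props.lower() != "https" and "secure" not in props.lower():
        findings.append(f'cookieProps="{props}": session cookie is not marked Secure')
    ssl = sessions.get("handlerSSL")
    # handlerSSL="true" refuses to serve the SAML handlers (/Shibboleth.sso/*) over plain HTTP.
    if ssl is None:
        findings.append("handlerSSL not set: relying on this SP build's default")
    elif ssl.lower() != "true":
        findings.append(f'handlerSSL="{ssl}": SAML handlers accept plain HTTP')
    return findings

# Constructed fragment with the weak settings.
WEAK = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.edu/shibboleth">
    <Sessions lifetime="28800" timeout="3600" checkAddress="false"
              handlerSSL="false" cookieProps="http">
      <SSO entityID="https://idp.example.edu/idp/shibboleth">SAML2 SAML1</SSO>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""

# Same fragment with the settings a practitioner would want.
HARDENED = (WEAK.replace('handlerSSL="false"', 'handlerSSL="true"')
                .replace('cookieProps="http"', 'cookieProps="https"'))

if __name__ == "__main__":
    # Usage: python sp_session_lint.py /etc/shibboleth/shibboleth2.xml
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK
    for finding in session_findings(xml_text) or ["no findings"]:
        print(finding)
```

Run it against a real SP config by passing the path as the first argument; with no argument it lints the constructed weak fragment. An attribute that is simply absent is reported separately from one set to a weak value, because absence means "whatever this SP version defaults to", which is exactly the thing that changes between releases.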

  10. IdP silver login handler (2013)
    - InCommon's Assurance Program
    Good security and identity practices help ensure that an individual using an electronic credential is the person you think it is.
    Once security and practices are in place, we need some custom code to look up assurance in our database.

  11. Research and Scholarship (April 2013)
    - See InCommon collaborate wiki
    - UF will enable this in production on 4/21, beta IdP from 4/15 (Mon.)
    - Interesting configuration changes on our end...

  12. IdP credential change (2013)
    - SAML metadata and federations?
    - Best practice: unify the IdP's keypair usage in both InCommon's federation and the local 'UF Federation'
    - Requires a metadata rollover for the IdP, plus a later switchover
    - SP awareness is a critical piece
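"SP awareness" here means: an SP only trusts the IdP keys it finds in whichever metadata feed it loads, so the IdP must publish the new key in every feed (InCommon aggregate and the local UF Federation feed) and wait for SPs to refresh before it starts signing with the new key, and must keep signing with the old key until then. The following is an added example, not UF's or InCommon's code, that checks that ordering from the SP's side. Everything in it is constructed: the entityID and URLs are stand-ins, and the "certificates" are base64 of short strings rather than real DER, so it runs offline.

```python
"""Check an IdP signing-key rollover across every federation metadata feed SPs consume.

Added example, not UF's or InCommon's code. All data below is constructed:
the entityID and URLs are stand-ins and the "certificates" are base64 of
short strings rather than real DER, so the script runs offline.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

def fingerprint(cert_b64: str) -> str:
    """SHA-256 of the decoded certificate bytes, the form SPs usually log."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def signing_fingerprints(metadata_xml: str, entity_id: str) -> set:
    """Every IdP cert an SP loading this feed will accept for signature checks.

    A KeyDescriptor without 'use' is valid for both signing and encryption, so it
    counts; use="encryption" keys are excluded. Works on a single
    EntityDescriptor or on a federation EntitiesDescriptor aggregate.
    """
    fps = set()
    for ed in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        if ed.get("entityID") != entity_id:
            continue
        for kd in ed.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
            if kd.get("use") in (None, "signing"):
                for cert in kd.findall(".//ds:X509Certificate", NS):
                    fps.add(fingerprint(cert.text))
    return fps

def rollover_state(feeds: dict, entity_id: str, old_b64: str, new_b64: str) -> tuple:
    """Where the rollover stands, judged from the feeds SPs actually load.

    Returns (state, feeds_missing_new_key). The IdP may only start signing with
    the new key once every feed publishes it ("ready-to-switch"); the old key may
    only be dropped after the switch and after SPs have refreshed ("complete").
    """
    old_fp, new_fp = fingerprint(old_b64), fingerprint(new_b64)
    per_feed = {name: signing_fingerprints(xml, entity_id) for name, xml in feeds.items()}
    missing = sorted(name for name, fps in per_feed.items() if new_fp not in fps)
    if missing:
        return "not-ready", missing   # switching now would break SPs on these feeds
    if any(old_fp in fps for fps in per_feed.values()):
        return "ready-to-switch", []  # both keys published everywhere
    return "complete", []             # only the new key remains

# ---- constructed sample metadata ----
IDP = "https://idp.example.edu/idp/shibboleth"
OLD = base64.b64encode(b"constructed-old-idp-signing-cert").decode()
NEW = base64.b64encode(b"constructed-new-idp-signing-cert").decode()
ENC = base64.b64encode(b"constructed-encryption-only-cert").decode()

def key_descriptor(cert_b64: str, use: str = None) -> str:
    attr = f' use="{use}"' if use else ""
    return (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data>"
            f"<ds:X509Certificate>{cert_b64}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

def idp_metadata(entity_id: str, key_descriptors: list, aggregate: bool = False) -> str:
    """One IdP's EntityDescriptor, optionally wrapped in a federation aggregate."""
    xmlns = f'xmlns:md="{MD}" xmlns:ds="{DS}"'
    ed = (f'<md:EntityDescriptor {xmlns} entityID="{entity_id}">'
          '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
          + "".join(key_descriptors) +
          '<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
          'Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>'
          "</md:IDPSSODescriptor></md:EntityDescriptor>")
    if aggregate:
        return f'<md:EntitiesDescriptor {xmlns} Name="urn:example:federation">{ed}</md:EntitiesDescriptor>'
    return ed

# Phase 1: the InCommon aggregate already carries both keys, the local feed only the old one.
FEEDS_PHASE1 = {
    "incommon": idp_metadata(IDP, [key_descriptor(OLD), key_descriptor(NEW),
                                   key_descriptor(ENC, "encryption")], aggregate=True),
    "uf-federation": idp_metadata(IDP, [key_descriptor(OLD)]),
}
# Phase 2: both feeds carry both keys; the IdP can switch its signing key.
FEEDS_PHASE2 = {
    "incommon": idp_metadata(IDP, [key_descriptor(OLD), key_descriptor(NEW)], aggregate=True),
    "uf-federation": idp_metadata(IDP, [key_descriptor(OLD), key_descriptor(NEW)]),
}
# Phase 3: the old key has been retired from both feeds.
FEEDS_PHASE3 = {
    "incommon": idp_metadata(IDP, [key_descriptor(NEW)], aggregate=True),
    "uf-federation": idp_metadata(IDP, [key_descriptor(NEW)]),
}

if __name__ == "__main__":
    for label, feeds in (("phase1", FEEDS_PHASE1), ("phase2", FEEDS_PHASE2), ("phase3", FEEDS_PHASE3)):
        print(label, rollover_state(feeds, IDP, OLD, NEW))
```

Two details matter in practice and are the reason the checker parses metadata rather than a list of certs: a KeyDescriptor with no use attribute is a signing key as far as an SP is concerned, and an encryption-only key is not, so the two are treated differently when deciding whether the new signing key is really visible everywhere. To check live feeds, replace the constructed strings with the downloaded InCommon aggregate and the local federation file and keep the rest.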

  13. UFAD Groups (2013)
    - Working on a way to pull these from UFAD using the DirSync API
    - Probably requires some cleanup
    - Hoping for 15 minute latency
    - Usual problems of representing a tree structure in a list

  15. InCommon Service Provider (2013)
    - incommon-sp.login.ufl.edu
    - SPs that need to accept credentials from other institutions
    - Check out the UX on ours
    - Requires that we put your SP's metadata in the InCommon MD

  16. IdP upgrade
    - Currently on v2.3.5
    - v2.3.8 is available, but v2.4 looks like it could come out before we get there
    - At this point, not a big change

  17. IAM "big rock" project

  18. Grouper
    - "Help collaboration happen"
    - Factor out duplicated group data in various systems, then share it
    - Allow set operations on groups, e.g. 'all users in an e-Learning course except students'
    - Feed this data downstream
    - Programmatic access
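The UFAD Groups slide (tree structure in a list, data that needs cleanup) and the Grouper slide (set operations such as 'course except students') describe the same two steps: first compute each user's effective membership through nested groups, then do set math on the results. The following is an added example, not UF's code and not Grouper's or the DirSync API, that does both on a constructed AD-style group tree under a made-up domain. The tree deliberately contains a membership cycle and a reference to a group that no longer exists, since both show up in real directory exports and both have to be handled before the flat list is released as an attribute.

```python
"""Flatten nested directory groups into a per-user list and do Grouper-style set math.

Added example, not UF's code and not Grouper's or the DirSync API. The group
tree is constructed (AD-style DNs under a made-up domain) to stand in for
what a DirSync pull would return.
"""
from collections import deque

def dn(cn: str) -> str:
    return f"CN={cn},OU=Groups,DC=ad,DC=example,DC=edu"

def is_group_ref(member: str) -> bool:
    """In the constructed data, group members are DNs and users are bare IDs."""
    return member.startswith("CN=")

# group DN -> direct members. Note the cycle (TAs nested in Staff, Staff nested
# in TAs) and the reference to a group that no longer exists: both are the
# kind of "cleanup" a directory export needs.
GROUPS = {
    dn("Course-ENC1101"): [dn("ENC1101-Students"), dn("ENC1101-Staff")],
    dn("ENC1101-Students"): ["alice", "bob"],
    dn("ENC1101-Staff"): [dn("ENC1101-TAs"), "prof", dn("Retired-Group")],
    dn("ENC1101-TAs"): ["carol", dn("ENC1101-Staff")],
}

def expand(group: str, groups: dict) -> set:
    """Effective (transitive) user membership of one group, safe on cycles."""
    users, seen, todo = set(), {group}, deque([group])
    while todo:
        for m in groups.get(todo.popleft(), ()):
            if is_group_ref(m):
                if m in groups and m not in seen:   # unknown DNs are skipped, see dangling()
                    seen.add(m)
                    todo.append(m)
            else:
                users.add(m)
    return users

def dangling(groups: dict) -> set:
    """Group DNs referenced as members but absent from the export."""
    return {m for members in groups.values() for m in members
            if is_group_ref(m) and m not in groups}

def memberships(groups: dict) -> dict:
    """Invert the tree: user -> sorted list of every group they are effectively in,
    the flat shape an attribute release (e.g. a multi-valued SAML attribute) needs."""
    out = {}
    for g in groups:
        for u in expand(g, groups):
            out.setdefault(u, set()).add(g)
    return {u: sorted(gs) for u, gs in out.items()}

def composite(left: str, op: str, right: str, groups: dict) -> set:
    """Grouper-style composite group: union, intersection or complement of two groups."""
    a, b = expand(left, groups), expand(right, groups)
    return {"union": a | b, "intersection": a & b, "complement": a - b}[op]

if __name__ == "__main__":
    print("course minus students:",
          sorted(composite(dn("Course-ENC1101"), "complement", dn("ENC1101-Students"), GROUPS)))
    print("dangling references:", sorted(dangling(GROUPS)))
    for user, gs in sorted(memberships(GROUPS).items()):
        print(user, [g.split(",")[0] for g in gs])
```

The complement is computed on effective members, not direct ones, so 'course except students' still drops a student who is only in the course through a nested group. The dangling set is reported rather than silently treated as a user, because a DN that is not in the export is either a deleted group or a sync gap, and either way should not end up in a released attribute value.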

  19. Grouper

  20. Questions?
