Upgrade to Pro — share decks privately, control downloads, hide ads and more …

UF Peer2Peer: Identity Provider update, Shibboleth, and SAML

Martin Smith
April 16, 2013

UF Peer2Peer: Identity Provider update, Shibboleth, and SAML

Martin Smith

April 16, 2013


  1. Other templates (March 2013) https://webservices.it.ufl.edu/ - UF Web Templates -

    UF Shibboleth templates Newer service provider packages: - allow you to unpack these anywhere - Have stopped shipping with 'dragonbird' -we recommend /ufl-shibboleth- templates www.it.ufl.edu
  2. Service Provider upgrade (April 2013) - CNS Linux infr. -

    4/28 & 5/12 - Simpler configuration - Default to better cookie settings - No more privileged user - NativeSPConfigurationChanges in wiki.shibboleth.net www.it.ufl.edu
  3. - InCommon's Assurance Program Good security and identity practices help

    ensure that an individual using an electronic credential is the person you think it is. Once security and practices are put in place, we need some custom code to lookup assurance in our database. IdP silver login handler (2013) www.it.ufl.edu
  4. Research and Scholarship (April 2013) - See InCommon collaborate wiki

    - UF will enable this in production on 4/21, beta IdP from 4/15 (Mon.) - Interesting configuration changes on our end... www.it.ufl.edu
  5. IdP credential change (2013) - SAML metadata and federations? -

    Best practice: Unify IdP's keypair usage both in InCommon's federation and the local 'UF Federation' - Requires metadata rollover for the IdP, plus later switchover - SP awareness is a critical piece www.it.ufl.edu
  6. UFAD Groups (2013) - Working on a way to pull

    these from UFAD using DirSync API - Probably requires some cleanup - Hoping for 15 minute latency - Usual problems of representing a tree structure in a list www.it.ufl.edu
  7. InCommon Service Provider (2013) - incommon-sp.login.ufl.edu - SPs that need

    to accept credentials from other Institutions - Check out the UX on ours - Requires we put your SP's metadata in the InCommon MD www.it.ufl.edu
  8. IdP upgrade - Currently on v2.3.5 - v2.3.8 is available,

    but v2.4 looks like it could come out before we get there - At this point, not a big change www.it.ufl.edu
  9. Grouper - "Help collaboration happen" - Factor out duplicated group

    data in various systems, then share it - Allow set operations on groups e.g. 'all users in an e-Learning course except students' - Feed this data downstream - Programmatic access www.it.ufl.edu