UF Peer2Peer: Identity Provider update, Shibboleth, and SAML

Transcript

1. None

2. Shibboleth changes Peer2Peer April 2013 Martin Smith [email protected] www.it.ufl.edu

3. Quick reference IdP - Identity Provider SP - Service Provider

   InC - InCommon www.it.ufl.edu

4. Background statistics over last year www.it.ufl.edu

5. Background statistics over last year www.it.ufl.edu

6. Login page (March 2013) www.it.ufl.edu

7. Other templates (March 2013) www.it.ufl.edu

8. Other templates (March 2013) https://webservices.it.ufl.edu/ - UF Web Templates -

   UF Shibboleth templates Newer service provider packages: - allow you to unpack these anywhere - Have stopped shipping with 'dragonbird' -we recommend /ufl-shibboleth- templates www.it.ufl.edu

9. Service Provider upgrade (April 2013) - CNS Linux infr. -

   4/28 & 5/12 - Simpler configuration - Default to better cookie settings - No more privileged user - NativeSPConfigurationChanges in wiki.shibboleth.net www.it.ufl.edu

10. - InCommon's Assurance Program Good security and identity practices help

    ensure that an individual using an electronic credential is the person you think it is. Once security and practices are put in place, we need some custom code to lookup assurance in our database. IdP silver login handler (2013) www.it.ufl.edu

11. Research and Scholarship (April 2013) - See InCommon collaborate wiki

    - UF will enable this in production on 4/21, beta IdP from 4/15 (Mon.) - Interesting configuration changes on our end... www.it.ufl.edu

12. IdP credential change (2013) - SAML metadata and federations? -

    Best practice: Unify IdP's keypair usage both in InCommon's federation and the local 'UF Federation' - Requires metadata rollover for the IdP, plus later switchover - SP awareness is a critical piece www.it.ufl.edu

13. UFAD Groups (2013) - Working on a way to pull

    these from UFAD using DirSync API - Probably requires some cleanup - Hoping for 15 minute latency - Usual problems of representing a tree structure in a list www.it.ufl.edu

14. www.it.ufl.edu

15. InCommon Service Provider (2013) - incommon-sp.login.ufl.edu - SPs that need

    to accept credentials from other Institutions - Check out the UX on ours - Requires we put your SP's metadata in the InCommon MD www.it.ufl.edu

16. IdP upgrade - Currently on v2.3.5 - v2.3.8 is available,

    but v2.4 looks like it could come out before we get there - At this point, not a big change www.it.ufl.edu

17. IAM "big rock" project www.it.ufl.edu

18. Grouper - "Help collaboration happen" - Factor out duplicated group

    data in various systems, then share it - Allow set operations on groups e.g. 'all users in an e-Learning course except students' - Feed this data downstream - Programmatic access www.it.ufl.edu

19. Grouper www.it.ufl.edu

20. Questions? www.it.ufl.edu

21. www.it.ufl.edu

22. None