
UF Peer2Peer: Identity Provider update, Shibboleth, and SAML

Martin Smith
April 16, 2013

Transcript

  1. None
  2. Shibboleth changes Peer2Peer April 2013 Martin Smith smithmb@ufl.edu www.it.ufl.edu

  3. Quick reference
    - IdP - Identity Provider
    - SP - Service Provider
    - InC - InCommon
  4. Background statistics over last year

  5. Background statistics over last year

  6. Login page (March 2013)

  7. Other templates (March 2013)

  8. Other templates (March 2013)
    https://webservices.it.ufl.edu/ - UF Web Templates - UF Shibboleth templates
    Newer service provider packages:
    - allow you to unpack these anywhere
    - have stopped shipping with 'dragonbird'
    - we recommend /ufl-shibboleth-templates
  9. Service Provider upgrade (April 2013)
    - CNS Linux infr. - 4/28 & 5/12
    - Simpler configuration
    - Default to better cookie settings
    - No more privileged user
    - NativeSPConfigurationChanges in wiki.shibboleth.net
  10. IdP silver login handler (2013)
    - InCommon's Assurance Program
    Good security and identity practices help ensure that an individual using an electronic credential is the person you think it is. Once security and practices are put in place, we need some custom code to look up assurance in our database.
  11. Research and Scholarship (April 2013)
    - See InCommon collaborate wiki
    - UF will enable this in production on 4/21, beta IdP from 4/15 (Mon.)
    - Interesting configuration changes on our end...
  12. IdP credential change (2013)
    - SAML metadata and federations?
    - Best practice: Unify IdP's keypair usage both in InCommon's federation and the local 'UF Federation'
    - Requires metadata rollover for the IdP, plus later switchover
    - SP awareness is a critical piece
  13. UFAD Groups (2013)
    - Working on a way to pull these from UFAD using DirSync API
    - Probably requires some cleanup
    - Hoping for 15 minute latency
    - Usual problems of representing a tree structure in a list
  14. www.it.ufl.edu

  15. InCommon Service Provider (2013)
    - incommon-sp.login.ufl.edu
    - SPs that need to accept credentials from other Institutions
    - Check out the UX on ours
    - Requires we put your SP's metadata in the InCommon MD
  16. IdP upgrade
    - Currently on v2.3.5
    - v2.3.8 is available, but v2.4 looks like it could come out before we get there
    - At this point, not a big change
  17. IAM "big rock" project

  18. Grouper
    - "Help collaboration happen"
    - Factor out duplicated group data in various systems, then share it
    - Allow set operations on groups e.g. 'all users in an e-Learning course except students'
    - Feed this data downstream
    - Programmatic access

  19. Grouper

  20. Questions?

  21. www.it.ufl.edu

  22. None