Slide 2

Shibboleth changes
Peer2Peer, April 2013
Martin Smith
[email protected]
www.it.ufl.edu

Slide 3

Quick reference
IdP - Identity Provider
SP - Service Provider
InC - InCommon

Slide 4

Background statistics over last year

Slide 5

Background statistics over last year

Slide 6

Login page (March 2013)

Slide 7

Other templates (March 2013)

Slide 8

Other templates (March 2013)
https://webservices.it.ufl.edu/
- UF Web Templates
- UF Shibboleth templates
Newer service provider packages:
- Allow you to unpack these anywhere
- Have stopped shipping with 'dragonbird'
- We recommend /ufl-shibboleth-templates

Slide 9

Service Provider upgrade (April 2013)
- CNS Linux infrastructure: 4/28 & 5/12
- Simpler configuration
- Default to better cookie settings
- No more privileged user
- NativeSPConfigurationChanges in wiki.shibboleth.net

Slide 10

IdP silver login handler (2013)
- InCommon's Assurance Program
Good security and identity practices help ensure that an individual using an electronic credential is the person you think it is.
Once security and practices are put in place, we need some custom code to look up assurance in our database.

Slide 11

Research and Scholarship (April 2013)
- See InCommon collaborate wiki
- UF will enable this in production on 4/21, beta IdP from 4/15 (Mon.)
- Interesting configuration changes on our end...

Slide 12

IdP credential change (2013)
- SAML metadata and federations?
- Best practice: Unify IdP's keypair usage both in InCommon's federation and the local 'UF Federation'
- Requires metadata rollover for the IdP, plus later switchover
- SP awareness is a critical piece

Slide 13

UFAD Groups (2013)
- Working on a way to pull these from UFAD using DirSync API
- Probably requires some cleanup
- Hoping for 15 minute latency
- Usual problems of representing a tree structure in a list

Slide 15

InCommon Service Provider (2013)
- incommon-sp.login.ufl.edu
- SPs that need to accept credentials from other institutions
- Check out the UX on ours
- Requires we put your SP's metadata in the InCommon MD

Slide 16

IdP upgrade
- Currently on v2.3.5
- v2.3.8 is available, but v2.4 looks like it could come out before we get there
- At this point, not a big change

Slide 17

IAM "big rock" project

Slide 18

Grouper
- "Help collaboration happen"
- Factor out duplicated group data in various systems, then share it
- Allow set operations on groups, e.g. 'all users in an e-Learning course except students'
- Feed this data downstream
- Programmatic access

Slide 19

Grouper

Slide 20

Questions?
