1 / 8

Shibboleth Install Fest

Become a Shibboleth expert and learn how to install, configure, and test Shibboleth for secure attribute release. Join us and discover the power of this identity provider solution.

irvings
Download Presentation

Shibboleth Install Fest

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Shibboleth Install Fest Shib as confessional. Who knew? Bless you, my child. Read the SAML standard three times and sin no more. - RL "Bob"

  2. Diverse Environments • Many authentication methods, many not web-based • Many attribute sources; most don’t have eduPerson populated; quite a few have no attribute source at all • Different levels of technical savvy • Different scales of user communities • Resources in the middle of the room as well as the front 2

  3. Diverse Goals • Some common use cases • No shortage of cool applications • Biggest challenge is making technology execute policy 3

  4. What You’ve Already Done • SSH access to the machine hosting the origin • Apache with SSL support • Some sort of Apache authentication scheme • For many of you, this will be mod_auth • Enterprise Attribute Store • For many of you, this will be Ann Arbor • Tomcat or similar Java Servlet Engine • mod_jk or mod_jk2 4

  5. What We Will Do Today • Join InQueue • Download, unpackage, and install Shibboleth • Configure Tomcat • Configure Apache & the auth/n system • Get Bossie Certificates • Configure Shibboleth • Test Shibboleth • Connect Shibboleth to an Attribute Source • Test your origin against many targets 5

  6. Simplified Identity Provider Architecture Apache WebISO Tomcat Coyote mod_jk Shibboleth HS Target Shibboleth AA mod_ssl OpenSSL ARP’s Attribute Store 6

  7. Most Configuration Servlet URL’s SSL Attribute Sourcing Attribute Release Policies Logging & Auditing Tomcat Trusted Roots & Sites origin.xml workers2.properties httpd.conf resolver.xml /conf/arps/ origin.xml, log4j.properties server.xml ca-bundle.crt, trust.xml, sites.xml Configuration Locations 7

  8. Next Steps • Join shibboleth-users@internet2.edu • Expand Surrounding Infrastructure • Move to Production • InCommon • Real Certs • Harden the Identity Service Provider • Free Consulting Session • Your Cool App Here 8

More Related