Shibboleth 2.0 IdP Training: Introduction

January, 2009

Before Lunch
• Introduction
• IdP Basics and Installation

After Lunch
• Authentication
• Attributes
• Productionalization

Federated Identity Management
• Distributed identity management system
• Enterprises trust each other to provide information
• Security/privacy protection

Shibboleth
• Open source enterprise federated single sign-on software
• Project started in 2000, first release 2003
• Current version 2.1
• Standards based (SAML)
• Widely used in education & government environments

SAML
• Security Assertion Markup Language
• XML-based standard for authentication and authorization data interchange
• Identity Provider – producer of assertions
• Service Provider – consumer of assertions
• Current Version: 2.0
• Shibboleth 2.0 implements SAML 2.0

How it works
• The user tries to access a protected application
• The user tells the application where they are from
• The user logs in at “home”
• The user’s home tells the application about the user
• The application accepts or rejects the user
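
As an added illustration of the last two steps (not part of the original slides), here is a sketch of the SP-side accept/reject decision over a SAML 2.0 assertion. The entity IDs, the sample assertion and the name `sp_decide` are constructed for this example, and XML signature verification, which a real SP performs before any of these checks, is omitted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values; a real SP takes these from federation metadata and its own config.
TRUSTED_IDPS = {"https://idp.example.edu/idp/shibboleth"}
SP_ENTITY_ID = "https://sp.example.org/shibboleth"

# Constructed sample assertion: unsigned, trimmed to the fields checked below.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2009-01-15T17:00:00Z">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Conditions NotBefore="2009-01-15T17:00:00Z" NotOnOrAfter="2009-01-15T17:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
      <saml:AttributeValue>student@example.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values; this sketch accepts whole seconds only.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sp_decide(assertion_xml, now):
    """Return (True, attributes) or (False, reason) for one assertion."""
    root = ET.fromstring(assertion_xml)  # production code: hardened parser, signature check first
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer not in TRUSTED_IDPS:
        return False, "issuer not in trusted metadata"
    cond = root.find("saml:Conditions", NS)
    if cond is None:  # local policy of this sketch: require explicit conditions
        return False, "no Conditions element"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (nb and now < _ts(nb)) or (noa and now >= _ts(noa)):
        return False, "outside validity window"
    audiences = {a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text}
    if SP_ENTITY_ID not in audiences:
        return False, "assertion addressed to a different SP"
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return True, attrs

if __name__ == "__main__":
    xml = SAMPLE.format(issuer="https://idp.example.edu/idp/shibboleth", audience=SP_ENTITY_ID)
    print(sp_decide(xml, datetime(2009, 1, 15, 17, 2, tzinfo=timezone.utc)))
```

The attribute in the sample is eduPersonScopedAffiliation; the IdP obtains such values from the authoritative sources it connects to, and the SP uses them for its access decision.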

[Diagram slides: How it works; How it works (Shibboleth 2); How it works (Shibboleth 1.3); How it works (Demo)]

Shibboleth Identity Provider (IdP)
• Java Servlet application
• Runs in any Java Servlet 2.4 container
• Does not contain attributes or logins
• Connects to authoritative sources

What uses Shibboleth?
• Microsoft Dreamspark
• Apple iTunesU
• Elsevier ScienceDirect
• ExLibris MetaLib
• Google Apps
• ... lots more ...

Federations
• Trusted communities with common user bases and applications
• Can provide metadata, rules, auditing, advertising of services, etc.
• Not required for Shibboleth

Federation for CHECO
• TBD