Access Management with Shibboleth - PowerPoint PPT Presentation

Provided by: steve964


1
Access Management with Shibboleth
Athens - the way forward
Leeds University, Tuesday 23 January 2007
2
Shibboleth Sandwich Part 1: WALRUS
3
Wakefield College - a case study
  • The background to why we took on the project
  • What we learned and the obstacles we came up
    against along the way
  • Our experience and thoughts as we near the end
    of the project

4
Background
  • Wakefield College is a multi-site, middle-sized FE
    college
  • The college started using Athens as its access
    management system in 2003
  • Small HE provision, but an important cohort
  • In late August 2005 approached by Vice Principal
    and handed call for proposal documentation

5
Initial Barriers
  • Beginning of a new academic year
  • Staff shortages
  • Impending inspection
  • Not enough time?
  • BUT
  • We wanted to do something positive and develop
    the service

6
Why we went ahead
  • Our understanding was that
      • It would be easier to access the resources
      • Less administration
      • There would be support offered by JISC, MATU
      • Athens was changing in 2008
      • We would be funded in the project by JISC to be
        early adopters (buy server, extra staffing)
      • It is the direction access management is moving
        towards

7
How we went about it
  • Attended workshops with other early adopters and
    networked
  • Contacted institutions who were already
    implementing Shib and set up visits
  • Had regular project meetings, kept a blog on
    project website of what we did

8
Shibboleth Sandwich Part 2: Implementation
9
Implementing Shibboleth
  • Initiating the project
  • Understanding Shibboleth (if you like?)
  • Installing Shibboleth
  • Refinements
  • Recommendations
  • About me
  • Technical, but not a technician
  • Warranty!

10
Initiating the Project
  • Our starting point
      • Athens with IP registration
      • Organisation (Library, ILT, IT Support)
      • Network (MS Windows 2003 SP1)
      • User Directory (ADSI, linked to CIS)
      • Staff skills (MS Windows, networking, complex
        software)
  • Our initial assumptions
      • Simple web service at a high level
      • Just another system installation (pushing text -
        easy)
      • Shibboleth as a black box
      • Simple technical project (emphasising embedding)

11
Understanding Shibboleth
Browser/POST Profile Attribute Exchange
12
Installing Shibboleth 1
  • Information sources
  • OSS documentation (everything but Windows, not
    step-by-step)
  • New server to isolate the development
  • Certificates
  • Now available free
  • Keep a copy of your private key!
  • Allows a secure conversation with federation
  • Test federation (InQueue)
  • Software
  • Sequence of installation (Java, Tomcat,
    Shibboleth)
  • Not friendly (xml text files to adjust
    configuration)
  • Simply couldn't get it to work within MS IIS

13
Installing Shibboleth 2
  • Support
  • MATU by phone (4 hrs) and an onsite visit
  • MATU couldn't make it work on IIS
  • Made a late decision to switch from IIS to Apache
    (much simpler)
  • It worked! (Test federation and username)
  • Subsequent answer for IIS, but stayed with Apache

14
Refinements
  • Registered for SDSS with help
  • Became more familiar with configuration
  • Discussed privacy - concluded safe
  • Created permission sets distinguishing staff and
    learners (parameter passing)
  • Registered for UK Access Federation (very easy)

15
Outcomes and Recommendations
  • Outcomes
  • We felt we could have done it with Apache
  • Service should be happy to share a server, but we
    still have it separate
  • Shibboleth itself
  • Not Microsoft friendly
  • Skills overhead and OSS at odds with FE culture
  • Documentation doesn't meet commercial
    expectations
  • Enjoyed the challenge
  • Recommendations
  • Get specific Shibboleth low level training
  • Get skills before starting
  • Java SDK, XML, Certificates, Tomcat, Apache,
    SAML, ADSI, firewalls, network protocols
  • Consider waiting for federated access support in
    MS Windows

16
Shibboleth Sandwich Part 3: Conclusions
17
Was it all worth it?
  • yes.
  • the 3 P reasons

18
Practical
  • Simple secure access to e-resources
  • No ATHENS administration
  • Access management is changing - we've just got in
    there early!

19
Professional
  • Better cross team working relationships
  • Good CPD opportunities

20
Publicity
  • Emphasis on marketing and promotion
  • ACE
  • Kudos within college

21
How to find out more...
  • Check out our project website
      • www.wakefield.ac.uk/projects/walrus
  • Contact us
      • c.buckley_at_wakefield.ac.uk
      • s.bell_at_wakefield.ac.uk
      • h.sherwood_at_wakefield.ac.uk

22
Thank you