Title: Shibboleth Hopkins
Slide 1: Shibboleth @ Hopkins
Slide 2: Agenda
- Web Access Management
- Shibboleth
- Benefits
- Federation
- InCommon
- JISC Shibboleth Demo
- Demo
- Questions?
Slide 3: Web Access Management (WAM)
- Provides Central
  - Authentication (AuthN)
  - Authorization (AuthZ)
  - Attributes
- Reduced Sign On / Single Sign On (RSO / SSO)
- Web Applications
- WAM @ Hopkins
  - CA's SiteMinder
  - Shibboleth
  - Active Directory Federation Services (Future)
Slide 4: Shibboleth
- Standards-based, Open source middleware
- Web Single Sign On
- Attribute exchange
- Components
  - IDP: Identity Provider
  - SP: Service Provider
  - WAYF: Where Are You From
Slide 5: Shibboleth
Slide 6: Benefits
- Simplify Authorization
- Increased Security
- Reduce user names and passwords remembered
- Collaborate with peers at other institutions
Slide 7: Federation
- What is a federation?
  - Group of organizations
  - Agree on common policies and practices
  - Share common set of attributes about users
- InCommon Federation
- Hub and Spoke
Slide 8: Federations around the world
- UK: UK Federation http://www.ukfederation.org.uk/
- Switzerland: SWITCHaai http://www.switch.ch/aai
- France: CRU http://federation.cru.fr/cru/index-en.html
- Finland: HAKA http://www.csc.fi/english/institutions/haka
- Australia: MAMS http://www.federation.org.au/FedManager/jsp/index.jsp
- Denmark: DK-AAI http://www.statsbiblioteket.dk/AAI/index.jsp
- Germany: DFN-AAI http://www.dfn.de/dienstleistungen/dfnaai/
- US: InCommon http://www.incommonfederation.org
- US: E-Authentication http://cio.gov/eauthentication/
Slide 9: InCommon Federation
- Serving more than 1.3 million users
- 45 Higher Education participants
- 17 Sponsored participants
- JSTOR, RefWorks, WebAssign
- National Institutes of Health
Slide 10: JISC Shibboleth Demo
http://www.mimas.ac.uk/shibboleth/documentation/Shibboleth%20vs%20Athens.ppt
Slides 11-33: Shibboleth Login
1. User wants a given resource
2. User is prompted to login
   - User presses login button
3. Where Are You From? service is contacted
4. User is prompted for their home institution
   - User selects their home institution from drop-down list
5. Selected institution is returned to WAYF
6. Home institution is contacted
7. User is prompted for home credentials
   - User enters credentials at home institution
8. Credentials sent to home institution
9. Shibboleth handle sent to Service Provider
10. Attributes are requested from home institution
11. Attributes are returned to the Service Provider
    - An authorisation decision is made based on attributes received
12. User is given access to the resource
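Steps 7 to 12 of the login flow above, as an added Python sketch that is not part of the slides or of the Shibboleth code base. It models the home institution issuing an opaque handle, the Service Provider exchanging that handle for attributes, and the authorisation decision. The user, the SP names, the attribute names, the release policy and the handle lifetime are all constructed assumptions.

```python
import secrets
import time

HANDLE_TTL = 300  # seconds; assumed handle lifetime, not stated in the slides

class IdentityProvider:
    """Home institution: authenticates users, issues handles, releases attributes."""
    def __init__(self, users, release_policy):
        self.users = users                    # username -> (password, attributes); toy store
        self.release_policy = release_policy  # SP name -> attribute names it may receive
        self.handles = {}                     # handle -> (username, SP name, expiry time)

    def login(self, username, password, sp, now=None):
        # Steps 7-9: check credentials, then hand back an opaque handle bound to one SP
        now = time.time() if now is None else now
        record = self.users.get(username)
        if record is None or not secrets.compare_digest(record[0], password):
            return None
        handle = secrets.token_urlsafe(16)    # random value, carries no identity
        self.handles[handle] = (username, sp, now + HANDLE_TTL)
        return handle

    def attribute_query(self, handle, sp, now=None):
        # Steps 10-11: resolve the handle and release only what policy allows this SP
        now = time.time() if now is None else now
        entry = self.handles.get(handle)
        if entry is None or entry[1] != sp or now > entry[2]:
            return None                       # unknown, wrong SP, or expired handle
        attrs = self.users[entry[0]][1]
        allowed = self.release_policy.get(sp, ())
        return {k: v for k, v in attrs.items() if k in allowed}

def sp_authorize(idp, handle, sp, required, now=None):
    # Authorisation decision before step 12: every required attribute must match
    attrs = idp.attribute_query(handle, sp, now)
    return attrs is not None and all(attrs.get(k) == v for k, v in required.items())

# Constructed sample data (hypothetical user, SP names and release policy)
IDP = IdentityProvider(
    users={"jdoe": ("correct horse", {"affiliation": "staff@example.edu",
                                      "mail": "jdoe@example.edu"})},
    release_policy={"journal-sp": ("affiliation",)},
)
REQUIRED = {"affiliation": "staff@example.edu"}
```

The Service Provider never sees the user name or password: it receives only the handle and the attributes the home institution's policy releases to it.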
Slide 34: Demo
- Journal Storage
  - External InCommon Federation
  - www.jstor.org
- Johns Hopkins Mailing List Service
  - Internal Blue Jay Federation
  - https://lists.johnshopkins.edu/sympa
Slide 35: Questions?
- For more information please contact
  - Andrew Baldwin andrew.baldwin@jhu.edu
  - Enterprise Authentication Team enterpriseauth@jhmi.edu
Slide 36: Sources
- Shibboleth wiki
  - https://spaces.internet2.edu/display/SHIB/WebHome
- Switch
  - http://www.switch.ch/aai
- JISC PPT Demo
  - http://www.mimas.ac.uk/shibboleth/documentation/Shibboleth%20vs%20Athens.ppt
- InCommon
  - http://www.incommonfederation.org