Shibboleth 2.0 IdP Training: Introduction

1
Shibboleth 2.0 IdP TrainingIntroduction

• January, 2009

2

• Before Lunch
• Introduction
• IdP Basics and Installation
• After Lunch
• Authentication
• Attributes
• Productionalization

3
Federated Identity Management

• Distributed identity management system
• Enterprises trust each other to provide
  information
• Security/privacy protection

4
Shibboleth

• Open source enterprise federated single sign on
  software
• Project started in 2000, first release 2003
• Current version 2.1
• Standards based (SAML)
• Widely used in education government environments

5
SAML

• Security Access Markup Language
• XML-based standard for authentication and
  authorization data interchange
• Identity Provider producer of assertions
• Service Provider consumer of assertions
• Current Version 2.0
• Shibboleth 2.0 implements SAML 2.0

6
How it works

• The user tries to access a protected application
• The user tells the application where they are
  from
• The user logs in at home
• The users home tells the application about the
  user
• The application accepts or rejects the user

7
How it works
8
How it works (Shibboleth 2)
9
How it works (Shibboleth 1.3)
10
How it works (Demo)
11
Shibboleth Identity Provider (IdP)

• Java Servlet application
• Runs in any Java Servlet 2.4 container
• Does not contain attributes or logins
• Connects to authoritative sources

12
What uses Shibboleth?

• Microsoft Dreamspark
• Apple iTunesU
• Elsevier ScienceDirect
• ExLibris MetaLib
• Google Apps
• . . .lots more. . .

13
Federations

• Trusted communities with common user bases and
  applications
• Can provide metadata, rules, auditing,
  advertising of services, etc.
• Not required for Shibboleth

14
Federation for CHECO

• TBD