Shibboleth Hopkins

1
Shibboleth _at_ Hopkins

• 05.10.2006

2
Agenda

• Shibboleth Defined
• Shibboleth
• Federations
• JISC Shibboleth Demo
• InQueue Demo
• InCommon Requirements
• Timeline
• Questions?

3
Shibboleth Defined

• Any practice that identifies members of a group
  from outsiders
• Historically, the word was used in the Hebrew
  Bible to distinguish between Ephraimites and
  Gileadites.

http//en.wikipedia.org/wiki/Shibboleth
4
Shibboleth

• standards-based, open source middleware
  software which provides Web Single SignOn (SSO)
  across or within organizational boundaries.
• Federated Web Single Sign On
• Attribute Exchange Controlled by User and their
  Homes Site

5
Federations

• Association of organizations
• Federations around the world
• UK SDSS
• Switzerland SWITCH
• US InCommon
• InQueue Test Federation

6
JISC Shibboleth Demo
http//www.mimas.ac.uk/shibboleth/documentation/Sh
ibboleth20vs20Athens.ppt
7
Shibboleth Login
8
Shibboleth Login
1. User wants a given resource
9
Shibboleth Login
2. User is prompted to login
10
Shibboleth Login
User presses login button
11
Shibboleth Login
User presses login button
12
Shibboleth Login
3. Where Are You From? service is contacted
13
Shibboleth Login
4. User is prompted for their home institution
14
Shibboleth Login
User selects their home institution from
drop-down list
15
Shibboleth Login
User selects their home institution from
drop-down list
16
Shibboleth Login
5. Selected institution is returned to WAYF
17
Shibboleth Login
6. Home institution is contacted
18
Shibboleth Login
7. User is prompted for home credentials
19
Shibboleth Login
User enters credentials at home institution
20
Shibboleth Login
User enters credentials at home institution
21
Shibboleth Login
8. Credentials sent to home institution
22
Shibboleth Login
9. Shibboleth handle sent to Service Provider
23
Shibboleth Login
9. Shibboleth handle sent to Service Provider
24
Shibboleth Login
9. Shibboleth handle sent to Service Provider
25
Shibboleth Login
10. Attributes are requested from home
institution
26
Shibboleth Login
11. Attributes are returned to the Service
Provider
27
Shibboleth Login
An authorisation decision is made based on
attributes received
28
Shibboleth Login
12. User is given access to the resource
29
Shibboleth Login
12. User is given access to the resource
30
InQueue Demo

• https//wayf.internet2.edu/InQueue/sample.jsp
• Select Example State University
• Username demo
• Password demo

31
InCommon Requirements

• Identify
• Executive, Administrative and Billing roles
• Federation Participation Agreement
• Two copies signed
• Identify Participant Operational Practices
• Fees
• 700 App Fee
• 1000 (1 IDM, 20 Resource Providers)

32
InCommon Tech Requirements

• Post Participant Operational Practices on JHU Web
  Site
• Deploy Shibboleth 1.3
• Support and make use of the InCommon identity
  attributes
• Submit and manage metadata and certificate
  signing request

33
Timeline

• April
• Ordered Shibboleth Pilot Servers
• Attended Internet 2 Conference
• May
• Plan JHED schema extensions
• Organize working group
• June
• Attend Camp Shib
• Extend JHED schema

34
Timeline

• July
• Setup Shibboleth Pilot servers
• Initial Shibboleth testing
• August
• Cont. Shibboleth Testing
• Test Shibboleth with Active Directory (ADFS)
• September
• Shibboleth Production Pilot

35
Timeline

• October
• Shibboleth Service Provider Test (Project MUSE)
• November
• TBD

36
Discussion
37
Sources

• Shibboleth wiki
• http//en.wikipedia.org/wiki/Shibboleth
• JISC PPT Demo
• http//www.mimas.ac.uk/shibboleth/documentation/Sh
  ibboleth20vs20Athens.ppt
• InCommon
• http//www.incommonfederation.org/docs/guides/faq.
  cfm
• InQueue
• http//inqueue.internet2.edu/
• InQueue Demo
• https//wayf.internet2.edu/InQueue/sample.jsp