IT Services Shibboleth Single Sign-On overview Overview What/where/why?
IT Services Shibboleth Single Sign-On overview Overview What/where/why? The UK-Federation/Registration Terminology Configuration
Protecting Content Benefits for Application Developers Setting up Shibboleth on a web server (demo) What/where/why Shibboleth? What? Web Single Sign-On system Separates authentication + authorisation Where? Websites/web applications (+ mobile applications) eJournals Why? Single University username and password Log in once, access everything Lightweight development of personalised content
The UK-Federation/Registration Central store for Shibboleth registrations Automatic integration Federated trust Institutions/organisations sign up Separate registration for each service Enables inter-institutional collaboration
(using University username and password) http://www.ukfederation.org.uk/library/uploads/Documents/overview.pdf Terminology: IdP/SP User types their password once per browser session (or not at all) SPs trust the IdPs assertion of user identity and other information Our gateway login server e.g. Website/webapp/eJournal Terminology: Single Sign-on
Accesses to other SPs go through the same flow but the user doesnt have to login to the IdP again Our gateway login server e.g. Website/webapp/eJournal Terminology: Attributes/SAML Attributes things about a person (forename/department etc.)
Most come from a database on the IdP updated nightly from IDFS Group memberships come from the Active Directory updated live from Grouper Some standard attributes, some custom to us release everything to Newcastle SPs, minimal to external SPs SAML Security Assertion Mark-up Language
https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language Terminology: EntityID/Metadata Unique identifier for servers running Shibboleth (IdP or SP) Also referred to as Relying Party Not a valid URL Newcastle standard: https://servicename.ncl.ac.uk/shibboleth/metadata e.g. https://blackboard.ncl.ac.uk/shibboleth/metadata
. . . Service Provider Configuration files shibboleth2.xml
Main Shibboleth service provider configuration file Mostly wont need updating once setup * attribute-map.xml Defines how attributes get turned into web server headers Probably never needs updating Protecting content (mod_shib)
Most web applications require authentication Service Provider software can control who can access the pages Programs/programmers (and users) can personalise content Protecting content: Linux/Apache shibd.conf Apache configuration file
Require (attribute from the attribute-map.xml file) Protecting content: Linux/Apache Any user AuthType shibboleth ShibRequireSession On Require valid-user
User group AuthType shibboleth ShibRequireSession On Require grouper_groups Applications:D-NUIT:Mailing_Lists:NUIT_All_Mailin Protecting content: Windows shibboleth2.xml
Protecting content: Windows Any user authType="shibboleth"/> User group Applications:DECLS:ECLS_Auto_StaffContact_Admin Application Developers No authentication code required
No user credentials stored Access to live accurate user information Server headers contain headers for personalisation Language and platform independent PHP $_SERVER['Shib-affiliation']; Java HttpServletRequest.getHeader("Shibaffiliation") ASP Request.ServerVariables("HTTP_SHIB_AFFILIATIO
N") Setting up a Shibboleth Service Provider 1. Download/install the Shibboleth SP software - instructions at https://wiki.shibboleth.net/confluence/display/SHIB2/Installation 2. Download the attribute-map.xml and shibboleth2.xml files from http://www.ncl.ac.uk/itservice/login-gateway/installing/ ---------------------------------
3. Edit shibboleth2.xml replace servicename.ncl.ac.uk (test at: https://.ncl.ac.uk/secure) 4. Open an NUService ticket telling us the service address you want us to register. Summary Authentication dealt with by the IdP Authorisation dealt with by SPs Removes need for apps to authenticate Passwords entered in one place
SP configuration in XML or Apache files Access based on user attributes/federated trust Personalised content Access to many resources without re-authentication Lightweight personalisation of content Minimal (none identifiable) information released off-campus, by default Any questions? Shibboleth Wiki: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPGettingStarted Our service pages: http://www.ncl.ac.uk/itservice/login-gateway/
3-Bureaucratic Control. Bureaucratic Control. Control through a system of rules and . standard operating procedures (SOPs) that shape the behavior of divisions, functions, and individuals. 8-Rules and SOPs tell the worker what to do (standardized actions) so outcomes are predictable....
hGio = GIO_create (name,mode,* status,chanParams,* attrs) 30 March 2017. Dr. Veton Këpuska. MOD_create API all return the handle to the new object. Arguments mirror those from static configuration. Many 'attrs' arguments are 'placeholders' for possible future definition.
ABA Model Rule 1.1. August 2012 Amendments. Comment  of Model Rule 1.1 was changed to Comment  and amended to add the phrase beginning with including: To maintain the requisite knowledge and skill, a lawyer should keep abreast of...
Naming Ionic Compounds LiBr lithium bromide MgCl2 magnesium chloride Li2S lithium sulfide Al2O3 aluminum oxide Na3P Mg3N2 Notice that binary ionic compounds with metals having one oxidation state They do not use prefixes or Roman numerals!!!
Impacto a la escalera por otros objetos. Datos Step ladders must have a metal spreader bar Never stand on second top or top step! Slip resistant foot pads Step braces Slip resistant steps Pail shelf The parts of a step...
Summary: How do buildings get built ? Role of traditional drawings Storage AND communication of design information Potential problem areas Communication, Representation and Comprehension, Change and Consistency, Knowledge Expertise & Skills, Static Are construction companies conservative ?
Vocational training and tutoring on assessment in nuclear security, nuclear safety and radiation protection. Calls on European TSO expertise to maximize the transfer of knowledge, practical experience and safety culture. European and International Training & Tutoring
Ready to download the document? Go ahead and hit continue!