Shibboleth Hopkins

1
Shibboleth _at_ Hopkins

• 10.1.2007

2
Agenda

• Web Access Management
• Shibboleth
• Benefits
• Federation
• InCommon
• JISC Shibboleth Demo
• Demo
• Questions?

3
Web Access Management (WAM)

• Provides Central
• Authentication (AuthN)
• Authorization (AuthZ)
• Attributes
• Reduced Sign On \ Single Sign On (RSO \ SSO)
• Web Applications
• WAM _at_ Hopkins
• CAs SiteMinder
• Shibboleth
• Active Directory Federated Services (Future)

4
Shibboleth

• Standards-based, Open source middleware
• Web Single Sign On
• Attribute exchange
• Components
• IDP Identity Provider
• SP Service Provider
• WAYF Where Are You From

5
Shibboleth
6
Benefits

• Simplify Authorization
• Increased Security
• Reduce user names and passwords remembered
• Collaborate with peers at other institutions

7
Federation

• What is a federation?
• Group of organizations
• Agree on common policies and practices
• Share common set of attributes about users
• InCommon Federation
• Hub and Spoke

8
Federations around the world

• UK UK Federation http//www.ukfederation.org.uk
  /
• Switzerland SWITCHaai http//www.switch.ch/aai
  
• France CRU http//federation.cru.fr/cru/index-
  en.html
• Finland HAKA http//www.csc.fi/english/institu
  tions/haka
• Australia MAMS http//www.federation.org.au/Fe
  dManager/jsp/index.jsp
• Denmark DK-AAI http//www.statsbiblioteket.dk/A
  AI/index.jsp
• Germany DFN-AAI http//www.dfn.de/dienstleistun
  gen/dfnaai/
• US InCommon http//www.incommonfederation.org
• US E-Authentication http//cio.gov/eauthenticatio
  n/

9
InCommon Federation

• Serving more than 1.3 million users
• 45 Higher Education participants
• 17 Sponsored participants
• JSTOR, RefWorks, WebAssign
• National Institutes of Health

10
JISC Shibboleth Demo
http//www.mimas.ac.uk/shibboleth/documentation/Sh
ibboleth20vs20Athens.ppt
11
Shibboleth Login
12
Shibboleth Login
1. User wants a given resource
13
Shibboleth Login
2. User is prompted to login
14
Shibboleth Login
User presses login button
15
Shibboleth Login
User presses login button
16
Shibboleth Login
3. Where Are You From? service is contacted
17
Shibboleth Login
4. User is prompted for their home institution
18
Shibboleth Login
User selects their home institution from
drop-down list
19
Shibboleth Login
User selects their home institution from
drop-down list
20
Shibboleth Login
5. Selected institution is returned to WAYF
21
Shibboleth Login
6. Home institution is contacted
22
Shibboleth Login
7. User is prompted for home credentials
23
Shibboleth Login
User enters credentials at home institution
24
Shibboleth Login
User enters credentials at home institution
25
Shibboleth Login
8. Credentials sent to home institution
26
Shibboleth Login
9. Shibboleth handle sent to Service Provider
27
Shibboleth Login
9. Shibboleth handle sent to Service Provider
28
Shibboleth Login
9. Shibboleth handle sent to Service Provider
29
Shibboleth Login
10. Attributes are requested from home
institution
30
Shibboleth Login
11. Attributes are returned to the Service
Provider
31
Shibboleth Login
An authorisation decision is made based on
attributes received
32
Shibboleth Login
12. User is given access to the resource
33
Shibboleth Login
12. User is given access to the resource
34
Demo

• Journal Storage
• External InCommon Federation
• www.jstor.org
• Johns Hopkins Mailing List Service
• Internal Blue Jay Federation
• https//lists.johnshopkins.edu/sympa

35
Questions?

• For more information please contact
• Andrew Baldwin andrew.baldwin_at_jhu.edu
• Enterprise Authentication Team
  enterpriseauth_at_jhmi.edu

36
Sources

• Shibboleth wiki
• https//spaces.internet2.edu/display/SHIB/WebHome
  
• Switch
• http//www.switch.ch/aai
• JISC PPT Demo
• http//www.mimas.ac.uk/shibboleth/documentation/Sh
  ibboleth20vs20Athens.ppt
• InCommon
• http//www.incommonfederation.org