Web Authentication with Shibboleth - University of …jw35/talks/2010-07-ictf-shib/...Web...

Web Authentication with Shibboleth

A view from the Flat East

Jon WarbrickComputing Service

University of Cambridgejw35@cam.ac.uk

Once upon a time there was the web...

...and then sites started to want to identify their visitors

<Location /basic> AuthType Basic AuthName "Who are you?" require valid-user</Location>

To each site its own users

Organization-wide SSOs

• University of Cambridge Raven

• Oxford WebAuth

• Classic Athens (R.I.P.)

• Google

• etc, etc, ...

Great for the institution

Inside

Outside

Great for the institution

Not so good for anything outside

Inside

Outside

• Data protection

• Trust

Two elephants

Enter the Griffin

• AKA Shibboleth

• A Web Auth system designed to support (though not to require)

• multiple IdPs

• inter-organization use

• privacy and anonymity

• multiple attributes

Myth and Legends

• Shib is only for e-Journals

• Only supports anonymity

• Only supplied by Internet2

• Doesn’t do standards

• Is really hard

So, what can we do with it?

E-Journals

Standard web server plugins

Authorization decisions

Web Authentication with Shibboleth - University of …jw35/talks/2010-07-ictf-shib/...Web...

Documents

Ray Collins27th September 2005LGfL Project – workshop report1 LGfL Project Report Proof of Principle of the Shibboleth Authentication & Authorisation Infrastructure

VOMS Attributes Authority & Shibboleth Authentication

Authentication. 2 © 2010 SWITCH Terms: Authentication Mechanism A concrete mechanism used to authenticate a user. Shibboleth 2 currently supports REMOTE_USER,

Delegated Authentication with Shibboleth - Internet2

Shibboleth-based hybrid authentication

Shibboleth Access Management Federations and Secure SDI ... · Shibboleth Access Management Federations and Secure SDI: ESDIN Experience from the OGC Authentication Interoperability

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication

Authentication methods: Shibboleth UKLII: Data Publishing Working Group, Welsh Assembly Government, Cardiff. 28 th March 2011 chris.higgins@ed.ac.uk

eduroam Delegate Authentication System with Shibboleth SSO

Shibboleth & Federations

Holly Eggleston, UCSD Shibboleth and Library Resources InCommon Library/Shibboleth Project

Shibboleth: Molecules, Music, and Middleware. Outline ● Terms ● Problem statement ● Solution space – Shibboleth and Federations ● Description of Shibboleth

Shibboleth SP Logout Support - Shibboleth Training …...Current state of SLO in Shibboleth Shibboleth Service Provider 2.5.x • Supports local and global logout Shibboleth Identity

Shibboleth - iamsect.ncl.ac.ukiamsect.ncl.ac.uk/dissemination/york/York 4th May 2005.pdf · Shibboleth More commonly associated with secure authentication and authorisation systems

MuseKnowledge Proxy and SAML Authentication - … · MuseKnowledge™ Proxy and SAML Authentication MuseGlobal, Inc. One Embarcadero Suite 500 ... • Supports ADFS, Okta, Shibboleth,

Cookies (for authentication) Single Sign-On Passport, Federated passport, Liberty Alliance, Shibboleth GSS-API What you have, what you are, two-factor auth

A Critical Resource for Your Research Communityb-on.dotlib.com.s3.amazonaws.com/files/nejm.pdf · via IP authentication, Athens and Shibboleth. • 3Fully searchable by keyword, title,

Shibboleth A Federated Approach to Authentication and Authorization Fed/Ed PKI Meeting June 16, 2004

Shibboleth Tutorial

Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk