Shibboleth authentication & eduroam
Secure authentication solution to access web and Wi-Fi
Falcon System Consulting Inc.
Katsumi Yamashita
©2015 Falcon System Consulting, Inc. All Rights Reserved
Academic
Shibboleth Authentication Service Platform
AD or LDAP
IdP Server/Cloud
Shibboleth IdP Authentication
Eduroam SP
※Secure access for browser-based two factor authentication
※AD: Active Directory
※LDAP: Lightweight Directory Access Protocol
※IdP: ID Provider
※SP: Service Provider
SSL-VPN SP
Electronic library
A: ID syainA PW ****
・・
A: ID ****A PW ****
・・
A: ID A**** PW ****
・・
groupware
ELECTRONIC JOURNAL
other web application
Shibboleth SP Server
Employee A
- Reverse proxy
suzuki********
Authentication is just once!
Enter your ID and password into WisePoint only once, and you can access every web application without entering a separate password for each system.
WisePoint provides single sign-on to various systems, such as O365, Google Apps, Salesforce,
mail, groupware, and web applications developed in-house by the user.
No need to input
【employee ID/PW】
Single sign on Authentication
Account@Adapter provides
RADIUS Proxy for eduroam
RADIUS/LDAP/CA/DHCP services
Account@Adapter supports eduroam
University B AAA infrastructure
Cloud
University A
Student of University B
Student of University A
RADIUS Proxy
University C AAA infrastructure
University A AAA infrastructure
Campus Network
User accounts from other universities are forwarded to the regional TLRS.
Intramural users are checked against the Local DB or the AAA infrastructure.
Local DB
TLRS: Top Level RADIUS Server
CA: Certification Authority
Virtual Appliance
RADIUS Client
RADIUS Client
Account@Adapter provides
RADIUS Proxy for eduroam
RADIUS/LDAP/CA/DHCP services
Account@Adapter supports eduroam
University B AAA infrastructure
Internet
University A
Student of University B
Student of University A
RADIUS Proxy
University C AAA infrastructure
University A AAA infrastructure
Campus Network
User accounts from other universities are forwarded to the regional TLRS.
Intramural users are checked against the Local DB or the AAA infrastructure.
Local DB
TLRS: Top Level RADIUS Server
CA: Certification Authority
Virtual Appliance
RADIUS Client
RADIUS Client