Background
IAMSECT Project - JISC funded Shib early adopter
2 year project (finished this summer)
VLE focussed
Focus on shared medical students
Collaboration with Durham
One of few practical deployment projects
Blogs
Ease of installation: Modify php authentication code
(1 man day)
Benefits:
User account creation automated
Login never exposed to potentially untrustworthy code
Sympa Mailing lists
Ease of installation: Supported out of the box,
adjust config file (1 hour)
Benefits:
SSO
Auto account creation
Allows both shib and local Auth
Mediawiki
Ease of installation: Download + install “extension”
tweak config file (1 hour)
Benefits:
SSO
User accounts creation automated
Login never exposed to potentially untrustworthy code
Quick easy Access Control
Ease of installation: .htaccess file by users (5 mins)
Benefits:
Web developers don’t need to understand complexities of secure login
Auto population of info fields (email addresses etc)
Coursework.cs
Ease of installation: Install shib + configure server
Work out how best to do WAYF
Benefits: Federated service now possible, Durham
students can now use.
Medical VLE
Ease of installation:
Hard (Zope based)
fast_cgi complex
difficult user base
Large legacy
Benefits:
SSO
Roadmap away from legacy
Reduced admin
Athens
Ease of installation:
Hard (at the time) - easy now?
working out how to join multiple feds
SSL cert incompatibility worries - now gone
Benefits:
SSO
Reduced Admin overhead
What shib is not used for
Blackboard in Newcastle
Blackboard shib support is UNIX based
Windows possible (but not out of the box)
Durham have test UNIX install
Benefits of shib
International takeup = de facto standard
“out of the box” shibd apps available.
One web login technology to support
Less SysAdmin effort
Less documentation
Less user education
Less burden on web developers, don’t need to understand:
How to do secure login
How / Where to get user data
How to install
Very brief overview of steps
Prerequisites
IdP
SP
Timescales
See http://iamsect.ncl.ac.uk for details
How to install: prerequisites
Prerequisites:
Identify suitable password store
e.g. Active Directory
Learn how to do https
SSL certs, certificate Authorities
Deploy WebISO or simple sign on
e.g. Pubcookie, CAS, Mod_auth_Ldap
How to install: shib IdP
Install and configure the software:
• not that hard (anymore)
• Java based (java skills not needed)
• Follow guide
• tweak xml config files
Difficult bits:
• SSL certs (GlobalSign or Thawte)
• Identify institutional data stores
How to Install: shib SP
Linux + Apache:
Prerolled RPMs = install + tweak config file (couple of hours)
Windows + IIS:
MSI installer = install + tweak config file (couple of hours)
Java, Python, Ruby, Perl or cgi:
Stick behind linux + apache, install + configure connector (mod_jk, fast_cgi) (couple of days)
Where to get help
https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/WebHome
http://iamsect.ncl.ac.uk
http://shib.kuleuven.be/
http://www.switch.ch/aai/