integrating running apps into federations janus
play

Integrating running apps into federations + JANUS Terena Eurocamp, - PowerPoint PPT Presentation

Sep 24, 2022 •437 likes •612 views

Integrating running apps into federations + JANUS Terena Eurocamp, 11/2009, Budapest Ernesto Revilla erny@yaco.es 1 Integrating running apps into federations Background: Yaco (30 pers Open Source company) Setting up the andalusian

  1. Integrating running apps into federations + JANUS Terena Eurocamp, 11/2009, Budapest Ernesto Revilla erny@yaco.es 1

  2. Integrating running apps into federations Background:  Yaco (30 pers Open Source company)  Setting up the andalusian (south spanish) federation CONFIA  started July 2009, due Jan 2010  10 Public Universities  Tasks:  Provide common infrastructure (validator, IdP homeless, metadata editor and publishing, CMS,...  Provide LMS SP provisioning connectors (SAML2) for Moodle, ILIAS 4, WebCT.  Help to set up IdPs & SPs, etc., Doc (Rules, etc.) 2

  3. Integrating running apps into federations The main problem  Create another door to get into the app:  Allow users from outside  SSO  Don't trust apps authn  Reuse authentication infrastructure 3

  4. Integrating running apps into federations How  Put SP (door) before apps  Great OS Apps (SSP, Shibboleth, OIOSAML, etc.)  SP != App  One SP, several apps  One app, several SPs  MAY live in different nodes  SHOULD be in same FQDN (use proxy!)  Adjust SP to apps needs 4

  5. Integrating running apps into federations Problems that arise:  No clean separation between authn/authz  Default read permission hold for every authntd user?  User identifiers  Not acceptable? (@, -, _)  What happens with existing identifiers?  Possible name collisions?  Must consider specially local identifiers  Application logout -> SLO  SP <-> App coupling 5

  6. Integrating running apps into federations Our experiencies:  We use SSP  Simple to install/config  Easy to develop new modules (for SP specific needs!)  Good documentation  Scalable  Open source 6

  7. Integrating running apps into federations Protectings apps: trac  python-> still no native SAML package (until now, thanx to Roland)  use authmemcookie  use memcached (good!) (configure the session store!)  incorrect default permissions for 'authenticated' -> reconfigure default permissions  post-logout works! (can modify link text & action)  explicit provisioning not needed  not so tightly coupled (good!) 7

  8. Integrating running apps into federations Protectings apps: subversion  Still not done  Could use svn+ssh://, but infrastructure problem (port 22 reserved)  Difficult to plugin some oauth style authn  Google just generates a special password 8

  9. Integrating running apps into federations Protectings apps: moodle  Outdated authn plugin, now updated, part of project in trunk  Php, integration near to trivial:  User provisioning on-the-fly thru API  User-course enrollment on-the-fly thru API  Problems:  Need to know all data during login (courses)  Still no AttributeQuery (front-channel, back- channel, VO?) (bad)  Tightly coupled (bad) 9

  10. Integrating running apps into federations Protectings apps: ILIAS 4  Outdated shib support in trunk  Now corrected  Requested to use this one, so use ship 2.0 SP module  User provisioning and course enrollment working  Working on logout 10

  11. Integrating running apps into federations Protectings apps: WebCT  Uses auto sign-on protocol  Poor documentation, confusing examples  Loosely coupled (good!)  Uses POSTs to 'adapters' to provision users  Uses MAC (Message Authn Code)  Argument ordering/mac important!  On-the-fly user provisioning already works  Enrollment still missing (due 30/11)  Logout?  Actually it's a module for SSP 11

  12. Integrating running apps into federations Protectings apps: When django?  Very soon!  Due 12/2009  Based on Rolands work  WSGI Middleware 12

  13. Integrating running apps into federations Some conclusions:  On-the-fly provisioning possible  We like SSP (philosophy, project, people)  Sending all courses during Authn not very scalable  Authmemcookie good for apps with basic auth.  AttributeCollector: get attributes from SIS & other sources (actually RDBMS, should be easy to create LDAP, SOAP/REST, etc.) 13

  14. JANUS Summary  Federation Metadata editing & publishings  ARP editing  Module for SSP  Open Source (code.google.com/p/janus-ssp)  Created and sponsored WAYF.DK  Contributions from YACO 14

  15. JANUS A nearer look:  stores metadata in SQL  periodically pulls fresh medatadata from SPs & IdPs (cron)  checks certificates againts CRLs/OCSP  sends emails if problems arise  uses multiauth (saml2, x509)  REST/Json WS to get IdP & SP state for publishing anywhere  RESTful API for updating metadata still missing 15

  16. Integrating running apps into federations + JANUS Any questions? Any suggestions? Thanks for your attention CU at SSP list & code.google.com/p/yaco-ssp-modules erny@yaco.es 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integrating non web-based services with identity federations Jens Khler, Michael Simon,

Integrating non web-based services with identity federations Jens Khler, Michael Simon,

bw IDM Integrating non web-based services with identity federations Jens Khler, Michael Simon, Sebastian Labitzke, Tobias Dussa, Martin Nubaumer bw IDM The bwIDM project Services of the state of Baden-Wrttemberg placed at

560 views • 11 slides
Asynchronous event/state notifications Janus Where were we? Admin API in the Janus WebRTC

Asynchronous event/state notifications Janus Where were we? Admin API in the Janus WebRTC

FOSDEM2017 L. Miniero Asynchronous event/state notifications Janus Where were we? Admin API in the Janus WebRTC server Monitoring Event Handlers Homer/HEP Providing administrators and developers with more tools to manage a Janus instance

1.21k views • 95 slides
Creating a new Android project CS/SE Individual Practical Stephen Gilmore October 7, 2011

Creating a new Android project CS/SE Individual Practical Stephen Gilmore October 7, 2011

Getting started Running an application Managing apps Debugging apps Designing layouts with XML Getting started Running an application Managing apps Debugging apps Designing layouts with XML Creating a new Android project CS/SE Individual

292 views • 8 slides
Going Google Integrating Google Apps into the College Curriculum Do you know a teacher whose

Going Google Integrating Google Apps into the College Curriculum Do you know a teacher whose

Going Google Integrating Google Apps into the College Curriculum Do you know a teacher whose students: Are accounted for at class time? Are prepared and have their work handy? Turn in assignments when they're due? Imagine a

478 views • 44 slides
Janus: a general purpose WebRTC gateway Standardization Gateways Requirements Janus Modules

Janus: a general purpose WebRTC gateway Standardization Gateways Requirements Janus Modules

Janus L. Miniero Intro WebRTC Janus: a general purpose WebRTC gateway Standardization Gateways Requirements Janus Modules and APIs Lorenzo Miniero lorenzo@meetecho.com A few examples Next steps FOSDEM 2016 Real Time devroom 30 th

429 views • 41 slides
Janus Henderson Global Investors Janus Capital Group Inc. and Henderson Group plc Recommended

Janus Henderson Global Investors Janus Capital Group Inc. and Henderson Group plc Recommended

Janus Henderson Global Investors Janus Capital Group Inc. and Henderson Group plc Recommended Merger of Equals Monday 3 October 2016 Andrew Formica Chief Executive, Henderson Group plc Dick Weil Chief Executive Officer, Janus Capital Group Inc.

594 views • 20 slides
EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov The University of Texas at Austin Running interactive web-apps in the cloud Running interactive web-apps in the cloud Running interactive web-apps

442 views • 31 slides
Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM? Yes, I can SSH into my Mininet VM Install and run X11 Server Mac users: XQuartz: https://www.xquartz.org/ Windows users: Use

560 views • 15 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
Running Apps at the Edge with AWS IoT Greengrass Machine Intelligence Modern Infrastructure

Running Apps at the Edge with AWS IoT Greengrass Machine Intelligence Modern Infrastructure

Running Apps at the Edge with AWS IoT Greengrass Machine Intelligence Modern Infrastructure http://mi2.live What is MI2? MI2 Webinars focus on the convergence of machine intelligence and modern infrastructure . Every alternate week, I deliver

335 views • 17 slides
Janus: back to the future of WebRTC History IETF WebRTC Janus Gateways Lorenzo Miniero

Janus: back to the future of WebRTC History IETF WebRTC Janus Gateways Lorenzo Miniero

TF-WebRTC L. Miniero Meetecho Janus: back to the future of WebRTC History IETF WebRTC Janus Gateways Lorenzo Miniero Requirements Architecture lorenzo@meetecho.com Next steps 1 st TF-WebRTC meeting 15 th December 2014, Paris Outline

653 views • 44 slides
Writing a Janus plugin in Lua C can be a scary world, let us come to the rescue! Lorenzo Miniero

Writing a Janus plugin in Lua C can be a scary world, let us come to the rescue! Lorenzo Miniero

Writing a Janus plugin in Lua C can be a scary world, let us come to the rescue! Lorenzo Miniero @elminiero FOSDEM 2018 Real Time devroom 4 th February 2018, Brussels Remember Janus? A door between the communications past and future

677 views • 50 slides
Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can crash OS wants to be your friend Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

548 views • 17 slides
Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what International Sports Federations must know Bangkok, 20 April 2018 Franois Carrard, Dr . iur ., Attorney-at-law www.kellerhals-carrard.ch AGENDA 1.

440 views • 19 slides
CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data Federations Users must know the exact filenames for each job. They have to use special tools they are unfamiliar with in order to use it (such

408 views • 18 slides
F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS CEO of large social network in annual development conference 2 months ago Shared vision for next 2 decades: past : with advent of PCs, companies

498 views • 14 slides
Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka &amp; Paul Barford

1.33k views • 26 slides
Network Security CS 642 UW Madison Earlence Fernandes UW Madison CS 642 1 Web Security TLS

Network Security CS 642 UW Madison Earlence Fernandes UW Madison CS 642 1 Web Security TLS

Network Security CS 642 UW Madison Earlence Fernandes UW Madison CS 642 1 Web Security TLS DNS and BGP Oct 8, 2019 Network Security UW Madison CS 642 2 128.105.37.141 We dont want to have to remember IP addresses Early days of

615 views • 36 slides
Mail Abuse S. Moonesamy Eland Systems sm+afrinic@elandsys.com 1 How do we stop spam No

Mail Abuse S. Moonesamy Eland Systems sm+afrinic@elandsys.com 1 How do we stop spam No

AfriN AfriNIC 11 IC 11 No Novemb ember er 200 2009 Mail Abuse S. Moonesamy Eland Systems sm+afrinic@elandsys.com 1 How do we stop spam No instant solution Social problem AfriNIC 11 - Mail Abuse 2 How we read an email message

336 views • 10 slides
Security Operation Center Concepts and Implementation renaud.bidou@intexxia.com &gt; SOC Modules

Security Operation Center Concepts and Implementation renaud.bidou@intexxia.com &gt; SOC Modules

Security Operation Center Concepts and Implementation renaud.bidou@intexxia.com &gt; SOC Modules &gt; Global Architecture &gt; Collection &amp; Storage &gt; Correlation &gt; SOC Modules R Box R Box reaction and reporting + A Box K Box A Box

673 views • 13 slides
Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Dynamic IPv6 Prefix Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes Weber Network Security Consultant @ TV Rheinland i-sec GmbH Firewall VPN/Crypto Routing/Switching Mail

453 views • 30 slides
Open Science Grid Council Meeting April 2014 Ruth Pordes Chair All Hands Meeting A Big Thank

Open Science Grid Council Meeting April 2014 Ruth Pordes Chair All Hands Meeting A Big Thank

Open Science Grid Council Meeting April 2014 Ruth Pordes Chair All Hands Meeting A Big Thank You on behalf of the whole Consortium as well as the Council to Amber and her program team for this years AHM! We know it is lots of work but the

490 views • 17 slides
CGA as alternative security credentials with IKEv2: implementation and analysis SAR-SSI 2012

CGA as alternative security credentials with IKEv2: implementation and analysis SAR-SSI 2012

CGA as alternative security credentials with IKEv2: implementation and analysis SAR-SSI 2012 Orange Labs Jean-Michel Combes (France Telecom - Orange) Aurlien Wailly (France Telecom - Orange) Maryline Laurent (Telecom Sud Paris)

580 views • 26 slides
Setting up Queue Systems with TORQUE &amp; Maui Piero Calucci Scuola Internazionale Superiore di

Setting up Queue Systems with TORQUE &amp; Maui Piero Calucci Scuola Internazionale Superiore di

Setting up Queue Systems with TORQUE &amp; Maui Piero Calucci Scuola Internazionale Superiore di Studi Avanzati Trieste March 14th 2007 Advanced School in High Performance Computing Tools for e-Science Outline Obtaining and compiling

861 views • 53 slides

More recommend