lets get a federated identity
play

Lets get a federated identity Do you have access to your email? - PowerPoint PPT Presentation

Jan 22, 2023 •34 likes •104 views

Lets get a federated identity Do you have access to your email? Youll need a valid email address Intro to Federated Identity Do you have an account from Protect Network or Twitter You can skip ahead! EuroCAMP Training for

  1. Lets get a federated identity • Do you have access to your email? – You’ll need a valid email address Intro to Federated Identity • Do you have an account from… – Protect Network or Twitter – You can skip ahead! EuroCAMP Training for APAN32 • If not lets create a Feide OpenIdP Account? • If not, lets create a Feide OpenIdP Account? This work is licensed under a Creative Commons – Visit http://openidp.feide.no/ Attribution ‐ ShareAlike 3.0 Unported License . Feide OpenIdP Enter your email address – Click on “Register a new user account” 1

  2. Check your email Complete your registration • Fill in: – User ID – Given name – Surname – Email (already completed) – New password (and Retype new password) New password (and Retype new password) Success! Lets use our federated identity • Visit https://foodl.org/foodle/APAN32 ‐ 4e554 – You now have an account you can use for federated authentication. – The OpenIdP is your Id entity P rovider. 2

  3. Login with your account… Consent Screen – This is the Feide OpenIdP (but you could use – This feature of the Feide OpenIdP tells you about Twitter Protect Network or 445 other sites) Twitter, Protect Network or 445 other sites). the information you are sending to a service the information you are sending to a service. Now complete the survey… What just happened? • You visited a S ervice P rovider (SP) – Foodle – But this service required you to login • Then asked to choose a federated account – You could have selected from a range of accounts • Logged in using an Id entity P rovider (IdP) – Which asked whether you wanted your details Whi h k d h th t d d t il • Secret Survey Questions revealed! sent back to Foodle • You can even add a comment (click on the • Returned to Foodle to access the survey stack of notes). 3

  4. Architecture SAML/Shibboleth v2.x What just happened? HTTP redirect HTTP interaction DS • As a diagram… der r m Sh Identity Provid hibboleth 1. Access SP (x) odule 2. Choose IdP (1) x 3. Login 4. Consent User Agent/Browser 5. Access 5. Access Webserver Shibboleth service Webserver Service Provider Identity Provider • WARNING: Technical explanation follows! SAML2.0 profile: Web browser SSO + HTTP POST binding Initial request from UA to document X 14 – or skip ahead. No active Shibboleth session, UA redirected to DS Architecture SAML/Shibboleth v2.x Architecture SAML/Shibboleth v2.x HTTP redirect HTTP redirect HTTP interaction HTTP interaction DS DS der der r r SP takes back m Sh m Sh Identity Provid Identity Provid control t l hibboleth hibboleth odule odule x x User Agent/Browser User Agent/Browser Webserver Webserver Shibboleth service Shibboleth service Webserver Webserver Service Provider Service Provider Identity Provider Identity Provider DS asks UA to choose an IdP (if not already set in cookie) SP sends SAML Authentication request to the IdP. IdP prompts the UA for credentials, if necessary. Redirect UA back to SP with selected IdP as parameter. 15 16 IdP uses backend to verify credentials (LDAP, ADDS, SQL, etc) 4

  5. Architecture SAML/Shibboleth v2.x Architecture SAML/Shibboleth v2.x HTTP redirect HTTP redirect HTTP interaction HTTP interaction DS DS der der r r m Sh m Sh Identity Provid hibboleth Identity Provid hibboleth odule odule x x User Agent/Browser User Agent/Browser Webserver Webserver SAML response SAML response • Authentication statement No callback! Shibboleth service Shibboleth service Webserver • Attribute statement Webserver Service Provider Service Provider Identity Provider Identity Provider The IdP resolves and filters the principal’s attribute information and The Shibboleth service decrypts, verifies and filters the response constructs a SAML assertion. This assertion can optionally be and gives it to the Shibboleth module (via RPC or TCP). signed and/or encrypted. Next, the IdP POSTs a response to the SP. The Shibboleth module or Webserver will authorise the principal. 17 18 Architecture SAML/Shibboleth v2.x What’s next? HTTP redirect HTTP interaction DS • Can I use this account for anything else? Yes… der r m Sh Identity Provid hibboleth odule – simpleSAML translation portal • http://translation.rnd.feide.no � Single sign on! • Only allows Feide OpenIdP x • Portal is used to translate simpleSAML, Foodle and other tools. User Agent/Browser Webserver – TERENA Conference System TERENA C f S t • http://tnc2011.terena.org/ � Click “Sign in” and search Shibboleth service Webserver Service Provider 2 for ‘openidp’ or look in the “Guest providers” tab. Identity Provider • But you don’t want all your users to sign up Again, the active sessions with every component will provide the single sign-on experience. for a separate account! 19 5

  6. Building your own… How big is your problem? • How big is your problem? • How big is your problem? – Use Google to search for: • Skills required • site:auca.kg login or site:your.domain sign ‐ in – More complex than just configuration. – Adjust your search and look at all the pages that • Available solutions ask for login information. Confusing? – Open Source and Commercial Options • Then make a spreadsheet… p • How do I implement this? H d I i l t thi ? Skills required… Available Solutions… • Concentrate on the skills you have or those • For each “product” or website work out: you want to develop. t t d l – Programming Language (PHP, Perl, Java) • simpleSAMLphp – Webserver (e.g. Apache or Microsoft IIS) – Operating system (Windows, Linux, Mac) – PHP • Search for plug ‐ ins or modules – Multi ‐ lingual support – Linux Windows or Mac Linux, Windows or Mac – Support for simpleSAMLphp or Shibboleth might – Support for simpleSAMLphp or Shibboleth might already be included. • Shibboleth • Can use a combination – IdP is Java – simpleSAMLphp AND Shibboleth are compatible! – Runs within Apache Tomcat • Both are free software. 6

  7. Setup your own environment… Our building blocks… • Self study course to build a federated • VirtualBox to run your VM, or environment for your organisation. i t f i ti • TATA Instacompute • We’ll cover: • Supplied VM image – Setting up an Identity Provider (eg Feide OpenIdP) • simpleSAMLphp IdP • Adding modules like Consent • Shibboleth SP – Protecting a service with Federated Protecting a service with Federated Authentication 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

2nd Meeting of ICAC Federated Identity Status & Plans Mine Altunay October 15, 2019 Current

2nd Meeting of ICAC Federated Identity Status & Plans Mine Altunay October 15, 2019 Current

2nd Meeting of ICAC Federated Identity Status & Plans Mine Altunay October 15, 2019 Current Status Adoption of Federated Identity and Access Control is one of the top priorities for the lab Crucial for our success with DUNE,

403 views • 13 slides
Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto, 2005-11-07 Ingrid Melve, FEIDE manager From campus identity management to a federated solution Case: FEIDE Campus Identity Management 2

655 views • 30 slides
EUDAT: Towards a pan-European Collaborative Data Infrastructure Federated Identity Management and

EUDAT: Towards a pan-European Collaborative Data Infrastructure Federated Identity Management and

EUDAT: Towards a pan-European Collaborative Data Infrastructure Federated Identity Management and Access Control Mark van de Sanden SARA, The Netherlands Terena VAMP workshop Utrecht, 6-7 September 2012 Outline Project Core Services

435 views • 16 slides
#7 Thinking in possibilities for federated log out. Marcel den Reijer & Fouad Makioui

#7 Thinking in possibilities for federated log out. Marcel den Reijer & Fouad Makioui

#7 Thinking in possibilities for federated log out. Marcel den Reijer & Fouad Makioui February 7, 2017 Supervised by Thijs Kinkhorst & Joost van Dijk Introduction Authentication & Authorization Federated identity SAML 2.0 and

288 views • 24 slides
Federated Identity Providers and the Ipsilon project Simo Sorce Sr. Princ. Sw. Engineer, Red Hat

Federated Identity Providers and the Ipsilon project Simo Sorce Sr. Princ. Sw. Engineer, Red Hat

Federated Identity Providers and the Ipsilon project Simo Sorce Sr. Princ. Sw. Engineer, Red Hat 2015/02/06 What is Federation ? In a nutshell: Dealing with users that you do not control on your own. To do that you need to trust a third party

480 views • 23 slides
FIM4L Federated Identity Management for Libraries Nick Roy 40th REFEDS Meeting Tallinn, Estonia

FIM4L Federated Identity Management for Libraries Nick Roy 40th REFEDS Meeting Tallinn, Estonia

FIM4L Federated Identity Management for Libraries Nick Roy 40th REFEDS Meeting Tallinn, Estonia 1 The Beginning Project AARC presentation at LIBER 2018 conference in Lille, by Peter Gietz (DAASI international), Jiri Pavlik (Moravian

736 views • 11 slides
Modelling and Analysing an Identity Federation Protocol: Federated Network Providers Scenario

Modelling and Analysing an Identity Federation Protocol: Federated Network Providers Scenario

Modelling and Analysing an Identity Federation Protocol: Federated Network Providers Scenario Maurice ter Beek (FMT, ISTICNR, Pisa, Italy) joint work with Marinella Petrocchi (IITCNR, Pisa, Italy) Corrado Moiso (Telecom Italia, Torino,

559 views • 28 slides
DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief

DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief

DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief history of user Popular identity identities protocols SAML Single sign-on OpenID InfoCard and CardSpace Federated identity

786 views • 66 slides
Data Services Integration Team WP1 Federated Identity Paul Millar, Patrick Fuhrmann, Bernd

Data Services Integration Team WP1 Federated Identity Paul Millar, Patrick Fuhrmann, Bernd

Data Services Integration Team WP1 Federated Identity Paul Millar, Patrick Fuhrmann, Bernd Schuller, Arsen Hayrapetyan, Marcus Hardt, Shiraz Memon, Shahbaz Memon, Christian Bernardt, Tigran Mkrtchyan, Dennis Klein The grid X.509 (user)

352 views • 17 slides
B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on

B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on

B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on holiday in Europe without your passport. Fingerprint technology makes the new identity card so secure that European countries even accept it instead of

571 views • 26 slides
Federated Identity, SSO and Multifactor Authentication June 23 rd , 2017 Computing Services and

Federated Identity, SSO and Multifactor Authentication June 23 rd , 2017 Computing Services and

Computing Services and Systems Development Federated Identity, SSO and Multifactor Authentication June 23 rd , 2017 Computing Services and Systems Development F EDERATED I DENTITY , SSO AND MFA @ THE U NIVERSITY OF P ITTSBURGH Tony Carra

542 views • 12 slides
Identity and Access Management for Federated Resource Sharing: Shibboleth Stories

Identity and Access Management for Federated Resource Sharing: Shibboleth Stories

APAN, Tokyo, 2006 Identity and Access Management for Federated Resource Sharing: Shibboleth Stories http://arch.doit.wisc.edu/keith/apan/ apanShib-060122-01.ppt Keith Hazelton (hazelton@doit.wisc.edu) Sr. IT Architect, University of

430 views • 24 slides
Open and federated identities with ID4me FOSDEM 2020, 2 February 2020 Vittorio Bertola,

Open and federated identities with ID4me FOSDEM 2020, 2 February 2020 Vittorio Bertola,

Open and federated identities with ID4me FOSDEM 2020, 2 February 2020 Vittorio Bertola, Open-Xchange 1. The problem 2 Our online identity, today The big Internet platforms already create an online identity for us They track us across

312 views • 29 slides
IRODS AND FEDERATED IDENTITY AUTHENTICATION CURRENT LIMITATIONS AND PERSPECTIVE Claudio

IRODS AND FEDERATED IDENTITY AUTHENTICATION CURRENT LIMITATIONS AND PERSPECTIVE Claudio

IRODS AND FEDERATED IDENTITY AUTHENTICATION CURRENT LIMITATIONS AND PERSPECTIVE Claudio Cacciari, claudio.cacciari@surfsara.nl SURF UGM 2020, June 10 th 2020 IRODS and SURF SURF is the collaborative organisation for ICT in Dutch education

669 views • 34 slides
External and Federated Identities on the Web Jan Pazdziora Sr. Principal Software Engineer

External and Federated Identities on the Web Jan Pazdziora Sr. Principal Software Engineer

External and Federated Identities on the Web Jan Pazdziora Sr. Principal Software Engineer Identity Management Special Projects, Red Hat 1 st October 2015 Scope and problem statement Applications get deployed in large organizations and

542 views • 24 slides
Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client

Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client

Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client software combines tools and utilities to extend a Web Application to: Enable login via federated SSO like eduGAIN Retrieve a SAML2 Identity Assertion

385 views • 24 slides
Collaborative Filtering & Content-Based Recommending CS 293S. T. Yang Slides based on R.

Collaborative Filtering & Content-Based Recommending CS 293S. T. Yang Slides based on R.

Collaborative Filtering & Content-Based Recommending CS 293S. T. Yang Slides based on R. Mooney at UT Austin 1 Recommendation Systems Systems for recommending items (e.g. books, movies, music, web pages, newsgroup messages) to users

682 views • 22 slides
On the design of UAS horizontal separation maneuvers Enric Pastor Marc Prez-Batlle Pablo Royo

On the design of UAS horizontal separation maneuvers Enric Pastor Marc Prez-Batlle Pablo Royo

Introduction Geometry Maneuvers Turn limitation and latency Conclusions & Further Work On the design of UAS horizontal separation maneuvers Enric Pastor Marc Prez-Batlle Pablo Royo Raul Cuadrado Cristina Barrado Xavier Prats

578 views • 18 slides
Implementing Raft protocol by coroutines and Ktor Framework Andrii Rodionov @AndriiRodionov

Implementing Raft protocol by coroutines and Ktor Framework Andrii Rodionov @AndriiRodionov

Implementing Raft protocol by coroutines and Ktor Framework Andrii Rodionov @AndriiRodionov About me Devoxx Ukraine organizer KNight Kyiv co-organizer JUG UA Leader Kyiv Kotlin User Group Co-leader Devoxx Ukraine

495 views • 32 slides
Simple objects on Z Fix any i : Z X closed and complementary j : U X open for

Simple objects on Z Fix any i : Z X closed and complementary j : U X open for

Simple objects on Z Fix any i : Z X closed and complementary j : U X open for today. At the end of last time we say we would like j = j ! i = i ! Perv( U ) 0 0 Perv( Z ) Perv( X )

369 views • 21 slides
QCrypt 2018: On the possibility of classical client blind quantum computing Alexandru Cojocaru,

QCrypt 2018: On the possibility of classical client blind quantum computing Alexandru Cojocaru,

Motivations QFactory Security QCrypt 2018: On the possibility of classical client blind quantum computing Alexandru Cojocaru, L eo Colisson, Elham Kashefi, Petros Wallden August 30, 2018 A. Cojocaru, L. Colisson, E. Kashefi, P. Wallden

824 views • 63 slides
bias ASD98b s d1 d2 d3 disc lvds d diffamp/shaper stages s d1 d2 d3 disc lvds d 1

bias ASD98b s d1 d2 d3 disc lvds d diffamp/shaper stages s d1 d2 d3 disc lvds d 1

bias ASD98b s d1 d2 d3 disc lvds d diffamp/shaper stages s d1 d2 d3 disc lvds d 1 2 3 4 g s g s g s g s MDT Electronics - 14 Sept 1999 - E. Hazen MDT Electronics ATLAS ASD99b (Wilkinson) Functions US MDT Signal

51 views • 3 slides
Renewable Energy in Alaska Kathleen Davenport & Laurel Stevens University of Alaska

Renewable Energy in Alaska Kathleen Davenport & Laurel Stevens University of Alaska

Renewable Energy in Alaska Kathleen Davenport & Laurel Stevens University of Alaska Anchorage PADM628 April 13, 2012 What is Renewable Energy? Energy which comes from natural resources which are naturally replenished Local, clean

359 views • 16 slides
SETMuPP Practice Transformation Demonstration Project S ustainable E ducation & T raining M

SETMuPP Practice Transformation Demonstration Project S ustainable E ducation & T raining M

2/20/2019 SETMuPP Practice Transformation Demonstration Project S ustainable E ducation & T raining M odel u nder P harmacist P rovider Reimbursement Renee Robinson PharmD, MSPharm, Tom Wadsworth PharmD, BCPS MPH Associate Clinical

724 views • 16 slides

More recommend