MyFirst IdP, EuroCAMP Training (PDF document)



  1. MyFirst IdP, EuroCAMP Training. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
     Acknowledgements
     • Portions of this training course taken from:
       – SWITCHaai
       – simpleSAMLphp website
       – EduGate Federation
       – K.U.Leuven Shibboleth Materials

  2. Pre-requisites
     • A training VM from Disc or Web that has been initially set up.
     • This image has simpleSAMLphp, Shibboleth SP and other utilities included.
     What's on the VM?
     • TurnKey Linux LAMP Stack – http://www.turnkeylinux.org/lampstack
       – Apache HTTPd Web Server
       – MySQL Database
       – PHP 5.3
     • simpleSAMLphp + requirements – http://simplesamlphp.org/docs/1.8/simplesamlphp-install
     • OpenLDAP Directory
     • Shibboleth Service Provider – Daemon + mod_shib for Apache
     • Dynamic DNS Client & Configuration

  3. simpleSAMLphp vs Shibboleth
     Feature                 | simpleSAMLphp | Shibboleth IdP | Shibboleth SP
     SAML1.1 (Shib Profile)  | ~             | X              | X
     SAML2.0 (saml2int)      | X             | X              | X
     Identity Provider (IdP) | X             | X              | –
     Service Provider (SP)   | X             | –              | X
     Bridge (IdP<->SP)       | X             | –              | –
     OAuth/OpenID            | X             | –              | –
     Discovery Service       | X             | –              | –
     Latest Version          | 1.8           | 2.2            | 2.4
     Programming Lang.       | PHP           | Java Servlet   | C
     Primary Developer       | UNINETT       | Internet2      | Internet2
     • simpleSAMLphp doesn't support the IdP Artifact binding.
     • The Shibboleth Discovery Service (DS) is a separate Java Servlet.
     • simpleSAMLphp can bridge OAuth/OpenID to SAML.
     Login & Set up simpleSAMLphp

  4. Basic simpleSAMLphp setup
     • Copy the default configuration files:
         cd /var/simplesamlphp/
         cp -r config-templates/* config/
         cp -r metadata-templates/* metadata/
     • simpleSAMLphp was installed using Subversion:
         cd /var/
         svn checkout http://simplesamlphp.googlecode.com/svn/trunk/ simplesamlphp
     • Subversion ('svn') is a version control system:
         cd /var/simplesamlphp/
         svn update            # update to the latest version
         svn update -r XXXX    # go to revision XXXX (default is HEAD)
       http://svnbook.red-bean.com/
     Your simpleSAML page is live!

  5. The IdP isn't set up yet… Explore simpleSAMLphp…

  6. Default password '123'
     Enabling SAML 2.0 IdP
     • We need to enable the SAML2.0 IdP!
     • The simpleSAMLphp configuration is located at /var/simplesamlphp/config/
     • Two major configuration files: config.php and authsources.php
     • Take a look at config.php:
         cd /var/simplesamlphp/config/
         more config.php
       http://simplesamlphp.org/docs/1.8/simplesamlphp-install#section_7

  7. 3 ways to edit files
     • Two via the command line terminal:
         cd /var/simplesamlphp/config/
       – vi – the visual editor:   vi config.php
       – pico/nano:                pico config.php
         (easier to use than vi if you've never used vi)
     • Web Based Simple Editor
     Essential File Editing Commands
     Action         | Nano                     | VIM
     Open file      | $ nano file.xml          | $ vim file.xml
     Save file      | <ctrl>-o                 | <esc>, :w
     Save and exit  | <ctrl>-x                 | <esc>, :wq  or  <esc>, ZZ
     Search string  | <ctrl>-w, string         | <esc>, /string
     Go to line     | <ctrl>-_, number         | <esc>, :number  or  number, <shift>-G
     Pros and Cons  | + Easy / - Few features  | + Powerful / - A bit "weird" to use
     http://www.switch.ch/aai/support/presentations/installfest-2009/ShibInstallFest-Tipps-and-Tricks.ppt

  8. Web Interface for editing…
     • … for the file browser.
     • Click Edit to launch the editor.

  9. • Basic text editing.
     • Click to 'Save'.
     Remember to change…
     • Enable IdP:
         'enable.saml20-idp' => true,
     • Generate random bytes for the secret salt:
         tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null; echo
       – or type random characters.
     • Update Secret Salt:
         'secretsalt' => 'randombytesinsertedhere',  # or type junk!
     • Admin Password & Contact Details:
         'auth.adminpassword' => 'your_new_password',
         'technicalcontact_name' => 'My Name',
         'technicalcontact_email' => 'my.name@inst.federated.now',
       http://simplesamlphp.org/docs/1.8/simplesamlphp-install#section_7

  10. How do you want to login?
      • Pick an authentication source
        – X509 Certificate, RADIUS, OpenID, YubiKey, Facebook, Twitter, MySpace, LinkedIn, Windows Live ID.
        – …or write your own.
      • We will look at 3:
        – Configuration File with Username/Password
        – SQL Database
        – LDAP Directory

  11. Simple Username/Password Auth
      • Uses the exampleauth module – enable it!
          touch modules/exampleauth/enable
      Some basic test accounts…
      – Edit config/authsources.php
      – Enable example-userpass – remove the /* and */ comment markers around this block:
          'example-userpass' => array(
              'exampleauth:UserPass',
              'student:studentpass' => array(
                  'uid' => array('test'),
                  'eduPersonAffiliation' => array('member', 'student'),
              ),
              'employee:employeepass' => array(
                  'uid' => array('employee'),
                  'eduPersonAffiliation' => array('member', 'employee'),
              ),
          ),
      – Add your own account – watch out for the commas (,)

  12. Add an account
          'example-userpass' => array(
              'exampleauth:UserPass',
              'student:studentpass' => array(
                  'uid' => array('test'),
                  'eduPersonAffiliation' => array('member', 'student'),
              ),
              'employee:employeepass' => array(
                  'uid' => array('employee'),
                  'eduPersonAffiliation' => array('member', 'employee'),
              ),
              'username:password' => array(
                  'uid' => array('username'),
                  'eduPersonAffiliation' => array('member', 'faculty'),
              ),
          ),
      • Pick a username and password.
      Add additional attributes:
          'username:password' => array(
              'uid' => array('username'),
              'eduPersonAffiliation' => array('member', 'faculty'),
              'cn' => array('My Name'),
              'postalCode' => array('1017 AW'),
              'telephoneNumber' => array('+31205304488'),
          ),
      • Logout and login again to see your attributes.
      • For an extensive list of attributes look at:
          more attributemap/name2oid.php

  13. How to really test this IdP?
      • Can't test generated attributes via the authsource.
      • Setup additional hostnames:
          echo 'idpXX-wsX.lab.iamfederated.org' >> /etc/ddclient.conf
          echo 'spXX-wsX.lab.iamfederated.org' >> /etc/ddclient.conf
          more /etc/ddclient.conf
      • Refresh Dynamic DNS and wait:
          /etc/init.d/ddclient restart
          grep ddclient /var/log/syslog
      • Swap the IdP's metadata with our SP's!
      Find your IdP's Metadata
      • Click "Show metadata" under the IdP entry

  14. Copy the PHP version of Metadata
      • Add to metadata/saml20-idp-remote.php:
          $metadata['https://host12-ws3.lab.iamfederated.org/simplesaml/saml2/idp/metadata.php'] = array (
              'metadata-set' => 'saml20-idp-remote',
              'entityid' => 'https://host12-ws3.lab.iamfederated.org/simplesaml/saml2/idp/metadata.php',
              'SingleSignOnService' => 'https://host12-ws3.lab.iamfederated.org/simplesaml/saml2/idp/SSOService.php',
              'SingleLogoutService' => 'https://host12-ws3.lab.iamfederated.org/simplesaml/saml2/idp/SingleLogoutService.php',
              'certData' => 'MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BA…',
              'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
          );
      Login from your SP
      • Visit https://spXX-wsX.lab.iamfederated.org/simplesaml/
      • Select 'default-sp'

  15. Error? Your IdP needs to know your SP
      • Visit https://spXX-wsX.lab.iamfederated.org/simplesaml/

  16. Your IdP needs to know your SP
      • Copy the PHP metadata.
      • Add to metadata/saml20-sp-remote.php:
          $metadata['https://sp12-ws3.lab.iamfederated.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array (
              'AssertionConsumerService' => 'https://sp12-ws3.lab.iamfederated.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
              'SingleLogoutService' => 'https://sp12-ws3.lab.iamfederated.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
          );
      • Try logging in again at http://spXX-wsX…
      Copy & Paste Error? …or not!

  17. Spot the difference
      • Four differences between left & right.
      • HTTP vs HTTPS changes the dynamic entityID.
      You might have seen this warning…
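As an added example (not part of the training slides), a small Python script that reads the IdP's XML metadata as shown by "Show metadata", emits the saml20-idp-remote.php entry in the form of slide 14, and warns when the entityID or an endpoint was generated over plain HTTP, the cause of the mismatch on this slide. The XML, the idpXX-wsX hostname and the certificate value are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of the XML behind "Show metadata": lab placeholder host, placeholder cert,
# and an http:// entityID on purpose to reproduce the mismatch discussed on slide 17.
SAMPLE_IDP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 entityID="http://idpXX-wsX.lab.iamfederated.org/simplesaml/saml2/idp/metadata.php">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>CONSTRUCTED
   CERTDATA</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://idpXX-wsX.lab.iamfederated.org/simplesaml/saml2/idp/SingleLogoutService.php"/>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  <md:SingleSignOnService Location="https://idpXX-wsX.lab.iamfederated.org/simplesaml/saml2/idp/SSOService.php"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract the fields a saml20-idp-remote.php entry needs from the IdP's XML metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    cert = idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "entityid": root.get("entityID"),
        "SingleSignOnService": idp.find("md:SingleSignOnService", NS).get("Location"),
        "SingleLogoutService": idp.find("md:SingleLogoutService", NS).get("Location"),
        "certData": re.sub(r"\s+", "", cert.text),  # base64 body without line breaks
        "NameIDFormat": idp.find("md:NameIDFormat", NS).text.strip(),
    }

def check_entityid(meta):
    """Flag an entityID or endpoint generated over plain HTTP; it will not match the https:// key the other party pasted."""
    problems = []
    if meta["entityid"].startswith("http://"):
        problems.append("entityID uses http://: force HTTPS or hardwire the entityID")
    for key in ("SingleSignOnService", "SingleLogoutService"):
        if not meta[key].startswith("https://"):
            problems.append(key + " endpoint is not served over HTTPS")
    return problems

def to_php_array(meta):
    """Render the entry in the form metadata/saml20-idp-remote.php uses (as on slide 14)."""
    lines = ["$metadata['%s'] = array (" % meta["entityid"], "    'metadata-set' => 'saml20-idp-remote',"]
    for key in ("entityid", "SingleSignOnService", "SingleLogoutService", "certData", "NameIDFormat"):
        lines.append("    '%s' => '%s'," % (key, meta[key]))
    return "\n".join(lines + [");"])

if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_IDP_XML)
    print("\n".join(["WARNING: " + p for p in check_entityid(meta)] + [to_php_array(meta)]))
```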

  18. Two solutions to fix this
      • Force HTTPS on your website
        – Apache Configuration for SSL/TLS
        – Redirecting HTTP -> HTTPS
        – HTTP Strict Transport Security (HSTS)
      • Hardwire the entityID
        – Can be configured statically rather than dynamically.
        – Best practice is to make your metadata accessible from your entityID URI, so that it is also a URL.
          • Can use "Redirect" in the Apache config to achieve this.
      HTTP -> HTTPS Redirect
      • Add to the HTTP VHOST configuration:
          vi /etc/apache2/sites-enabled/000-default

          <VirtualHost *:80>
              …
              <IfModule mod_rewrite.c>
                  RewriteEngine On
                  RewriteCond %{HTTPS} off
                  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
              </IfModule>
          </VirtualHost>
      • Uses a Rewrite Rule to force the site to HTTPS.
      • Enable rewrite & headers and restart Apache:
          a2enmod rewrite headers
          /etc/init.d/apache2 restart
