1 Wolfgang Lierz / IGeLU 2012 Zurich
Wolfgang Lierz
Staff IT-Services / Network & Security Admin
ETH-Bibliothek Zurich
Integration Primo-Aleph-PDS-SSO-AAI
Integration of Aleph/Primo with PDS into larger Shibboleth/SSO environments
2
Why Single Sign-On anyway?
We have alternatives:
- Post-It around display
- Post-It below keyboard
- Browser password store
- KeePass password store
- Cloud password store
- Facebook login
3
Authentication and Authorization Infrastructure
Without AAI-SSO
With AAI-SSO
• 1999-2000 First ideas and workshop
• 2001-2003 Project study and pilot
• 2004-2005 Implementation
5
Authentication with nethz
Authentication «Who am I»
«nethz» database
«nethz-login»
HR / Students Administration
ETH Zurich members
Active Directory
LDAP
RADIUS
AAI (Shibboleth)
Windows, Exchange, Sharepoint
e-pics, WLAN
eduroam, VPN
e-collection.Proxy, SMS
Authorization «What may I do»
«Same Sign On» «Single Sign On»
6
Aleph in Switzerland
• ExLibris Aleph v20 (only NEBIS with PDS)
• 5 Systems
• Shared User File (SUF): 700000 accounts
• Integration UZH into NEBIS 2013 (INUIT): 200000 accounts, 200 libraries
7
AAI-SSO for ETHZ staff and students
Goals within current NEBIS/Aleph operation:
- eliminate separate individual user registration / activation process at library
- enable nethz-userid for ETHZ staff and students
- use nethz-attributes of ALL staff and students by Aleph and discontinue separate user management
8
Aleph with nethz / PLIF
nightly
Aleph (Application)
Aleph (Database)
nethz
SAP
nethz
AAI
Indices
A4
PDS (login)
A3: Batch / Copy on request
A2: User / Copy at Login
PLIF (at least daily)
Batch / triggered by changes
Shibboleth UniqueID as additional Aleph ID #20
Alternatives A2+A3 unfortunately impossible with Aleph
9
2012: AAI-SSO for ETH members
Authentication via «native» Aleph login
(may disappear 2013)
Authentication via «nethz-login» (AAI-SSO)
(more selections 2013)
Intermediate (PDS) Login page from September 2012
Embedded WAYF
10
2013: AAI-SSO for private customers
(SSL connection)
Private customers DB
- Attributes from Aleph
- Passwords only here
New separate Private Customers IDP (at ETHZ)
NEBIS/Aleph EAD00
Aleph (Oracle DB)
Private customers
Indices (Aleph)
AAI IDP (operated by Switch): aai-login.libraries.ch
PDS (login) with Shibboleth
EAD50 ZAD50 UZH50
AAI IDP (at ETHZ): aai-login.ethz.ch
(via nethz)
WAYF
Re(set) password: password.libraries.ch
(New) registration: register.libraries.ch
Initial Password
other AAI IDPs
INUIT
future
PIN-VHO
E-Lending
Primo FE 1...4
e-shelf
NEBIS Form for registration
11
Future: ID management outside Ex Libris
Private customers DB
- Attributes now HERE
- Passwords only here
Swiss-wide Private Customers IDP
Alma ?
AAI IDP (operated by Switch): aai-login.libraries.ch
PDS as a separate service WITH attribute retrieval
AAI IDP (at ETHZ): aai-login.ethz.ch
(via nethz)
WAYF
Re(set) password: password.libraries.ch
(New) registration: register.libraries.ch
other AAI IDPs
Primo FE 1...4
e-shelf
Interface to external Identity Management
E-Lending and others
12
Further reading
For many more details, see our report:
Single Sign On für e-lib.ch und sein Webportal (in German, 2012, 61 p.)
e-collection.library.ethz.ch/view/eth:5453
13
Credits
Thanks to:
- SSO project team of ETH-Bibliothek
- ITS IT-Services of ETH-Bibliothek
- ICT services of ETH Zurich
- SWITCH AAI team
- ELCA Informatik AG, Zürich
14
Questions?
Thank you!
SFX with PDS-SSO-AAI ?
15
DEMO
http://www.switch.ch/aai/demo/