AAI @ TERENA

TF-EMC2, 15 Feb 2011. Dyonisius Visser, [email protected], www.terena.org


Page 1: AAI @ TERENA

AAI @ TERENA

TF-EMC2, 15 Feb 2011

Dyonisius Visser, [email protected]

Page 2: AAI @ TERENA

Where it all started

› REFEDS Wiki
› Dog food
› MediaWiki + SimpleSAMLphpAuth
› One SP
› Accumulated ~ 20 bilateral IdPs

Page 3: AAI @ TERENA

Next SP comes along

› TACAR
› Will need to contact several IdPs again to exchange metadata
› 3rd SP
› 4th SP etc etc

Page 4: AAI @ TERENA

Too many IdP-SP combinations

› Difficult to manage

Page 5: AAI @ TERENA

New approach: proxy

› Create one SP to connect as many IdPs as …
› “Hide” all our other SPs behind that
› SPs can all have one statically configured IdP
› So no need to have a disco (discovery service) on each SP
› External IdPs only do business with a single TERENA SP
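As an added example (not from the slides and not TERENA's actual configuration), this is how the proxy pattern above maps onto SimpleSAMLphp configuration: one SP auth source faces the federations, a hosted IdP on the same host bridges to it, and each internal SP pins that IdP statically. Host names, entity IDs and key file names are assumptions; the option names (`saml:SP`, `idp`, `__DYNAMIC:1__`, `auth`) are SimpleSAMLphp's own.

```php
<?php
// Added example (not TERENA's configuration): the proxy pattern expressed as
// SimpleSAMLphp configuration. Three files are shown, separated by comments.
// Host names, entity IDs and key file names are assumptions.

// ---- proxy host: config/authsources.php ----
// The single SP that all external IdPs and federations do business with.
$config = [
    'proxy-sp' => [
        'saml:SP',
        'entityID'    => 'https://proxy.example.org/sp',   // assumed
        'privatekey'  => 'proxy-sp.pem',                   // assumed; use >= 2048-bit RSA
        'certificate' => 'proxy-sp.crt',                   // assumed
        // Leave 'idp' unset: the discovery service runs here, once, for everyone.
        'idp'         => null,
    ],
];

// ---- proxy host: metadata/saml20-idp-hosted.php ----
// The proxy's IdP face. 'auth' points at the SP source above, which makes this
// host a SAML-to-SAML bridge: an internal SP sends its AuthnRequest here, the
// proxy logs the user in at the real IdP through 'proxy-sp', then issues its
// own assertion back to the internal SP.
$metadata['__DYNAMIC:1__'] = [
    'host'        => '__DEFAULT__',
    'privatekey'  => 'proxy-idp.pem',   // assumed; keep distinct from the SP key
    'certificate' => 'proxy-idp.crt',   // assumed
    'auth'        => 'proxy-sp',
    'authproc'    => [
        // Attribute rewriting and ID derivation filters for all internal SPs go here.
    ],
];

// ---- each internal SP (e.g. FileSender): config/authsources.php ----
// Statically pinned to the proxy IdP, so this SP needs no discovery page.
$config = [
    'default-sp' => [
        'saml:SP',
        'entityID' => 'https://filesender.example.org/sp',                            // assumed
        'idp'      => 'https://proxy.example.org/simplesaml/saml2/idp/metadata.php',  // assumed proxy IdP entity ID
    ],
];
```

The proxy must also hold each internal SP's metadata in metadata/saml20-sp-remote.php (that file is the allowlist of SPs the proxy will issue assertions to, and where per-SP attribute release is configured), and each internal SP needs the proxy IdP's metadata in its metadata/saml20-idp-remote.php. Because remote IdPs only ever exchange metadata with proxy-sp, its key is the one that is painful to rotate (see the "Issues encountered" slide): generate it at 2048 bits or more from the start.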

Page 6: AAI @ TERENA

Architecture diagram (box labels recovered from the slide):

Internal SPs behind the proxy: WordPress etc, FileSender, CORE, TACAR, Sympa, Event reg, My.terena.org, REFEDS wiki, Confluence

Social / guest IdPs: LinkedIn, Yahoo, Google, OpenID, Twitter, MySpace †, WindowsLive, FaceBook, Guest IdPs…

SimpleSAMLphp components: Secretariat IdP (backed by LDAP), SP Proxy, Bridge

Federated and bilateral IdPs: eduGAIN, 3 more federations, 15 more bilaterals…, SURFfed, AAI@EduHR

?????? (IdP → SP): the identifier handed from the IdP side to the SPs, defined on the next slide

Page 7: AAI @ TERENA

?????? = Globally unique ID

› Generate a globally unique identifier for ALL users that could possibly come in
› Pick the first available attr name+value from:
  › eduPersonTargetedID
  › eduPersonPrincipalName
  › OpenID/Twitter/FB/MySpace/WindowsLive/LinkedIn
› Append !IdP
› Result + demo: https://tnc2011.core.terena.org
› (PG table)
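The derivation rule above, written out as an added PHP example (not the code behind tnc2011.core.terena.org): a pure function that walks the candidate list in order, takes the first non-empty value, and appends "!" plus the IdP label. The name:value layout of the prefix, the attribute names for the social login sources and the sample inputs are assumptions; the two SAML attribute names are standard.

```php
<?php
// Added example (not TERENA's code): derive one globally unique ID for a user
// arriving through the proxy, following the rule on this slide.

/**
 * Candidate attributes in order of preference. The two SAML names are standard;
 * the names for the social login sources are assumptions and must match what
 * your auth modules actually emit.
 */
const UID_CANDIDATES = [
    'eduPersonTargetedID',
    'eduPersonPrincipalName',
    'openid',               // assumed: claimed identifier from the OpenID source
    'twitter.screen_name',  // assumed
    'facebook.id',          // assumed
    'myspace.id',           // assumed
    'windowslive.id',       // assumed
    'linkedin.id',          // assumed
];

/**
 * Return "<attrName>:<value>!<idp>" built from the first usable candidate, or
 * null when the source sent nothing we can key on. $idp must be the IdP label
 * taken from the authenticated session (entity ID for SAML, auth source name
 * for social logins), never from a user-supplied attribute.
 */
function deriveGlobalUid(array $attributes, string $idp): ?string
{
    // '!' is the separator, so the IdP label must not contain it.
    if ($idp === '' || strpos($idp, '!') !== false) {
        throw new InvalidArgumentException('IdP label must be non-empty and free of "!"');
    }

    foreach (UID_CANDIDATES as $name) {
        if (empty($attributes[$name])) {
            continue;
        }
        $value = $attributes[$name][0];   // SimpleSAMLphp attributes are name => [values]

        // Depending on the SimpleSAMLphp version, eduPersonTargetedID can arrive
        // as a NameID object instead of a plain string.
        if (is_object($value) && method_exists($value, 'getValue')) {
            $value = $value->getValue();
        }
        $value = trim((string) $value);

        // Skip empty values, and values containing the separator: such a value
        // could otherwise smuggle a fake "!otherIdP" suffix into the ID.
        if ($value === '' || strpos($value, '!') !== false) {
            continue;
        }
        return $name . ':' . $value . '!' . $idp;
    }
    return null;  // caller should refuse login, not invent an ID
}

// Constructed sample inputs (not real users or IdPs).
$samples = [
    ['idp' => 'https://idp.uni.example/saml2/idp', 'attributes' => [
        'eduPersonTargetedID'    => ['a1b2c3d4e5f6g7h8'],
        'eduPersonPrincipalName' => ['alice@uni.example'],
    ]],
    ['idp' => 'https://idp.college.example/idp', 'attributes' => [
        'eduPersonPrincipalName' => ['bob@college.example'],
    ]],
    ['idp' => 'twitter', 'attributes' => ['twitter.screen_name' => ['alice']]],
    ['idp' => 'https://guest.example.org', 'attributes' => ['displayName' => ['Alice']]],
];

foreach ($samples as $s) {
    printf("%-40s -> %s\n", $s['idp'],
        deriveGlobalUid($s['attributes'], $s['idp']) ?? '(refused: no usable attribute)');
}
```

On the proxy this would run from an authproc filter on the hosted IdP, where SimpleSAMLphp exposes the released attributes as $attributes and, for SAML sources, the issuing IdP's entity ID as $state['saml:sp:IdP']; for the social sources use the auth source name as the IdP label. The suffix is what makes the ID safe: it comes from the authenticated assertion's issuer, so one IdP cannot mint an eduPersonPrincipalName that collides with a user from another IdP, and a source that sends none of the candidate attributes gets no ID rather than a fallback to something guessable like a display name. Note that eduPersonTargetedID is scoped to the SP that received it, i.e. the proxy SP, so changing the proxy SP's entity ID changes every ePTID-based ID in the table.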

Page 8: AAI @ TERENA

Pre-login user provisioning

› Invitation system (demo)

Page 9: AAI @ TERENA

To do

› Central user repository (LDAP/SQL)
› Central group repository (DIY/Grouper/SURF/?)
› Profile page to manage your data (SWITCH’s JavaScript side bar/?)
› Account linking (Login4life, David?)
› Consent dialog upon first login
› -> Cherry-picking from the community

Page 10: AAI @ TERENA

Automated IdP checks?

› All configured IdPs
› IdPs that have our metadata
› IdPs that have our metadata and that send usable attrs

Page 11: AAI @ TERENA

Issues encountered

› Changing your SP metadata at remote parties takes a long time
  › So don’t start with 1K (1024-bit) keys: you will be stuck with them
› Non-federated users – guest accounts?
  › Too many guest options now