aai @ terena tf-emc2 15 feb 2011 dyonisius visser visser@terena.rg

Report

Tags:

Post on 19-Dec-2015

224 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

AAI @ TERENA

TF-EMC2 15 feb 2011

Dyonisius Visser

visser@terena.rg

www.terena.org

mailto:visser@terena.rg

Slide 2

Where it all started

› REFEDS Wiki› Dog food› MediaWiki + SimpleSAMLphpAuth› One SP› Accumulated ~ 20 bilateral IdPs

<lastname@terena.org>

Next SP comes along

› TACAR › Will need to contact several IdPs again to

exchange metadata › 3rd SP› 4th SP etc etc

Slide 4

Too many IdP-SP combinations

› Difficult to manage:

Slide 5

New approach: proxy

› Create one SP to connect as many IdPs as …› “Hide” all our other SPs behind that

› SPs can all have one statically configured IdP› So no need to have a disco on each SP

› External IdPs only do business with a single TERENA SP

Slide 6

WordPressetc

FileSender

CORE

TACAR

Sympa

Event reg

My.terena.org

LinkedIn

Yahoo

Google

Slide 8

OpenID

Twitter

MySpace †

WindowsLive

FaceBook

SimpleSAMLphpSecretariat

IdP

LDAP

Refeds wiki

Confluence

SimpleSAMLphpSP Proxy

SimpleSAMLphpBridge

Guest IdPs…

eduGAIN

3 morefederations

15 morebilaterals…

SURFfed

AAI@EduHR

???????IdPSP

?????? = Globally unique ID

› Generate globally unique identifier for ALL users that could possibly come in

› Pick first available attr name+value from:› eduPersonTargetedID› eduPersonPRincipalName› Openid/Twitter/FB/Myspace/windowslive/linkedin

› Append !IdP› Result + demo: https://tnc2011.core.terena.org

› (PG table)

Slide 9

https://tnc2011.core.terena.org/

Pre-login user provisioning

› Invitation system (demo)

Slide 10

TO Do

› Central user repository (LDAP/SQL)› Central group repository (DIY/Grouper/SURF/?)› Profile page to manage your data (SWICTH’s

javascript side bar/?)› Account linking (Login4life,David? )› Consent dialog upon first login

› -> Cherry pickin’ from community

Slide 11

Automated IdP checks?

Slide 12

All configured IdPs

IdPS that have our metadata

IdPs that have our metadata and that send usable attrs

Issues encountered

› Changing your SP metadata at remote parties takes a long time› So don’t start with 1K keys

› Non-federated users – guest accounts?› Too many guest options now

Slide 13

top related

perfsonar - terena · pdf file10th tf-emc2 meeting -...
Documents
identity services beyond web sso - terena tf-emc2... ·...
Documents
authentication - terena
Documents
emc2 (12).ppt
Documents
clarin aai requirements - terena · clarin aai requirements...
Documents
nieuwsbrief visser elektrotechniek winter 2014-2015 visser...
Documents
emc2 presentation
Technology
community pkis initiatives updates tf-emc2 meeting...
Documents
catálogo de servicios emc2 calidad
Documents
virtual organisations in grids terena tf-emc2, barcelona 8...
Documents
valdir adorni - compwire / emc2 - s.a.n essentials
Education
visser & visser algemeen
Documents
emc2 manual pages
Documents
de emc2 a emc10
Social Media
visser & visser kwartaalbalans met less energy
Documents
emc2 user manual fr
Documents
terena technical programme update terena general assembly...
Documents
original author: emc2-dp v2 - sundance dsp...figure 1:...
Documents
emc2 arrowhead talk
Documents
visser is iso 9001 gecertificeerd. visser sinds 1963 visser...
Documents