Implementing Kuali Identity Management at your Institution
Jasig Spring 2010
Wednesday, March 10, 2010
8 am
Eric Westfall
Indiana University
Dan Seibert
University of California, San Diego
Integrating KIM with other IdM products
KIM Integration
Integration with various Identity Management Systems
Integrating KIM with CAS
<Insert CAS slides here>
Integrating KIM with LDAP
• LDAP Integration Efforts
  • University of Arizona
  • San Joaquin Delta College
  • UC Davis
• Using CAS to connect to LDAP
KIM with LDAP (UofA example)
• UA netid is used for authentication
• Identity information is available in UA’s Enterprise Directory Service (EDS)
• Connect to EDS using Spring LDAP and overriding the KIM IdentityService
• KIM ParameterService provides the map between KIM and LDAP attributes
• In order to use the KIM GUIs properly, the UIDocumentService is also overridden
Integrating KIM with LDAP
Configure CAS to connect to LDAP
with
• Intra-campus Web SSO
• Federated Access to a Rice application
• KIM as an Identity Provider (IdP)
• Using Shibboleth Attributes for KIM authorization
with Federated Authentication
Shibboleth Login Process
with Federated Authentication
Protecting a Rice application as a Service Provider (SP)
• A web server and openssl must be available first
• Add Shibboleth filters to the web server.
• Metadata defines the attributes to be passed between the Identity Provider and Service Provider.
• Override KIM Authentication Service
with Federated Authentication
Metadata Example:

    <AttributeRule
        Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"
        Header="REMOTE_USER"
        Alias="eppn">
      <AnySite>
        <AnyValue/>
      </AnySite>
    </AttributeRule>
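
The rule above accepts eduPersonPrincipalName from any site with any value and hands it to the application as REMOTE_USER, so the overridden authentication service is where the value gets checked before it is used as a principal. A sketch of that check, added here as an illustration and not taken from the slides, KIM or Shibboleth: the class name RemoteUserPrincipalMapper, the trusted scope example.edu and the allowed character set are assumptions.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper for this example; not a KIM or Shibboleth class. */
public final class RemoteUserPrincipalMapper {
    // Conservative character set for the part before '@' (assumption for this example).
    private static final Pattern LOCAL_PART = Pattern.compile("[A-Za-z0-9._-]{1,64}");
    private final Set<String> trustedScopes;   // lower-case scopes the application accepts

    public RemoteUserPrincipalMapper(Set<String> trustedScopes) {
        this.trustedScopes = Set.copyOf(trustedScopes);
    }

    /** Returns the normalized scoped name to look up, or empty if the value must be rejected. */
    public Optional<String> normalize(String remoteUser) {
        if (remoteUser == null) {
            return Optional.empty();           // no SSO session: never fall back to a default user
        }
        int at = remoteUser.indexOf('@');
        if (at <= 0 || at != remoteUser.lastIndexOf('@')) {
            return Optional.empty();           // need exactly one '@' and a non-empty local part
        }
        String local = remoteUser.substring(0, at);
        String scope = remoteUser.substring(at + 1).toLowerCase(Locale.ROOT);
        if (!LOCAL_PART.matcher(local).matches() || !trustedScopes.contains(scope)) {
            return Optional.empty();           // unexpected characters or an untrusted scope
        }
        // Keep the scope in the result so equal local parts from different sites cannot collide.
        return Optional.of(local.toLowerCase(Locale.ROOT) + "@" + scope);
    }

    public static void main(String[] args) {
        RemoteUserPrincipalMapper mapper =
                new RemoteUserPrincipalMapper(Set.of("example.edu"));   // constructed scope
        // Constructed sample REMOTE_USER values, including ones that must be refused.
        String[] samples = {"JDoe@Example.edu", "jdoe@other.example.org",
                            "admin", "a@b@example.edu", null};
        for (String s : samples) {
            System.out.println(s + " -> " + mapper.normalize(s).orElse("REJECTED"));
        }
    }
}
```

Only the first sample is accepted (as jdoe@example.edu); the untrusted scope, the unscoped name, the double '@' and the missing header are all rejected.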
with
KIM as an Identity Provider
• Prerequisites: SSL certificate, source of SAML Metadata
• Install Shibboleth IdP
• Load SAML Metadata
• Configure KIM as the User Authentication Mechanism
• Implement kimAuthenticationService to authenticate the user and provide the appropriate attributes.
with
KIM as user Authentication Mechanism
• Define Login Handler to match AuthenticationService
  Ex: Remote User for reference AuthenticationService
      Username/Password for LDAP Implementation
• Provide service endpoint for AuthenticationServiceImpl
with Authorization Attributes
Using Shibboleth Attributes for KIM Authorization
• Identify Attribute Sources
• Define Policies for Attribute Handling, for SPs
• Define New Business Processes
• Define New Policies
with Federated Authentication
with
KIM / Grouper Collaboration
with
Adapter Overview
Custom Implementation of KIM Services using Grouper Client API
• GroupService
• GroupUpdateService
• IdentityService
with
Installation
• grouperClient.jar
• grouperKimConnector.jar
• grouper.client.properties
• Override kimGroupService, kimIdentityService
https://spaces.internet2.edu/display/GrouperWG/Grouper+integration+with+Kuali+Rice