February 13th, 2014 - Unicon IAM Webinar Update
Unicon IAM Update: CAS, Shibboleth, Grouper
13 February 2014
Mike Grady • Misagh Moayyed
Audio is via Adobe Connect. There is no phone dial-in.
Welcome to this briefing
• Updates on CAS, Shibboleth and Grouper
• Unicon contributions to CAS, Shibboleth and Grouper
• Unicon's Open Source Support
• Thanks, Q&A
Introduction: Mike Grady
• IAM, Shibboleth, CAS, Internet2 Scalable Privacy
• 36 years at University of Illinois before Unicon
• Unicon’s Open Source Support for Shibboleth technical lead
Introduction: Misagh Moayyed
• IAM, Shibboleth, CAS, uPortal, uMobile
• 2 years full time with Unicon
• Unicon’s Open Source Support for CAS technical lead
This session is being recorded.
• Will post after:
• Slides
• Notes blog post with useful hyperlinks
• Slidecast with audio
Observations and Highlights
Past Events
• Identity Week, November 11-15 2013: REFEDS, CAMP, ACAMP, Burlingame, CA
• Apereo Camp, January 27-30 2014: CAS, uPortal, OpenRegistry, Sakai, Mesa, AZ
Upcoming Events
• Shibboleth Workshop Series - March 24-25, Durham, NC
• Internet2 Global Summit - April 6-10, Denver, CO
• Open Apereo 2014 - June 1-4, Miami, FL
• Internet2 Technology Exchange - Oct 26-30, Indianapolis, IN
Highlights About CAS
CAS4
• RC3 released. To RC4 and beyond...
• APIs to support MFA use cases
• Password policy improvements
• CAS documentation revamp; See http://jasig.github.io/cas
CAS4 - Documentation
Highlights About Shibboleth
Shibboleth
• IdP v3 development in progress; https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details
• Community news at http://shibboleth.net/community/news
• Latest versions: IdP v2.4.0, SP v2.5.3
Identity Provider v3
• Release Goals:
• Support extensions (i.e., uApprove) within profiles
• Improve “rough spots” in the API
• V2 protocol interoperable; API-incompatible https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design
• Q3 Fall 2014 release is planned
Multi-Context Broker
https://github.com/Internet2/Shibboleth-Multi-Context-Broker
• IdP “LoginHandler” to orchestrate among multiple authentication contexts, including MFA.
• Provide support for InCommon Assurance initiative
• Pluggable authentication modules
• V1.0.0 is now available
Highlights About Grouper
Grouper v2.2
http://goo.gl/5LrGAR
• Release expected by late Spring
• Services in Grouper
• Ability to write SCIM
• Improved Grouper configuration
• ...and...
Highlights About Unicon Participation in CAS, Shibboleth and Grouper
Open Source Support
• Support for open source software as adopted by the community
• Unicon collaborates to maintain the supported open source software making it more supportable and valuable to subscribers
• “Act in the best interests of the subscribers, of the community, and of Unicon”
CAS-related progress
CAS
• Password policy improvements
• Attributes in the CAS response
cas-addons
• https://github.com/Unicon/cas-addons
• Latest available release: 1.10
• New extensions:
• Hazelcast ticket registry
• Dynamic login view selection
• Request-based ticket expiration policy
• …
cas-addons - HazelcastTicketRegistry
UniconLabs
https://github.com/UniconLabs
• cas-strap
• cas-sso-sessions-report
• service-registry-pattern-tester
• ...
Shibboleth-related progress
Shib-CAS authenticator v2
• https://github.com/UniconLabs/shib-cas-authn2
• CAS “LoginHandler” for Shibboleth IdP v2.x
• Simpler, externalized configuration
• No context-sharing requirement
• Communicate the “entityId” to CAS
• Currently in BETA status
Shib-CAS authenticator v2
CAS-Shibboleth: Integration possibilities
• Shib-CAS-authenticator v2 combined with Multi-Context broker?
• CAS attributes to supplement the IdP's authentication context?
• CAS to resolve/release attributes to the IdP?
...reduce duplicate configuration and overhead
Shib-Config-UI
• https://github.com/UniconLabs/shib-config-ui
• Web interface to explore the configuration:
• What attributes are released to this SP?
• What is the SSO session length?
• Further UI enhancements and features planned
Future work
• In discussion with developer community to find more ways to assist
• Finalizing Tomcat7 DTA-SSL
• Particular missing features you need?
Grouper-related progress
AuthZ Connectors
• Grouper & Apache Shiro
• Grouper & Spring Security
• Grouper & .NET Framework
• Grouper & Person Directory
• Grouper & OAuth w/ CAS
https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions
More potential
• Additional authZ connectors?
• CAS-SSO for Grouper?
• Grouper & uPortal: Roles and Permissions?
Next Steps
What we do
• Collaborate to maintain current stable recommended releases
• Work towards next releases
• Explore extensions and opportunities
• Responsive to inputs from subscriber experiences
• Explicit requests
• Learn from providing support
• Empathize with your needs and projects
Feedback welcome
• Subscribers are welcome and encouraged to get in touch directly if you’d like any of this information contextualized to your specific situation, e.g., "Should I upgrade to the next release of shib-cas-authenticator?"
• By all means, do get in touch.
Let’s do this again.
• Next Unicon IAM Update:
• Thursday June 19th 2014
• 12 PM MST
Questions / Discussion via Adobe Connect chat?
• Mike Grady, Support for Shibboleth Technical Lead [email protected]
• Misagh Moayyed, Support for CAS Technical Lead [email protected]
(License)
This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/.
Photo credits
• Personal photos of Mike, and Misagh: all rights reserved.
• Microphone: http://www.flickr.com/photos/deanhp/3711222265/ (http://creativecommons.org/licenses/by/2.0/deed.en)