Shibboleth authentication & eduroam - Uniuni.net.th/.../22/011_eduroam-RADIUS-Shiboleth.pdf ·...
Shibboleth authentication & eduroam
Secure authentication solution to access web and Wi-Fi
Falcon System Consulting Inc.
Katsumi Yamashita
©2015 Falcon System Consulting, Inc. All Rights Reserved
Academic
Shibboleth Authentication Service Platform
AD or LDAP
IdP Server/Cloud
Shibboleth IdP Authentication
Eduroam SP
※ Secure access for browser-based two factor authentication
※ AD: Active Directory
※ LDAP: Lightweight Directory Access Protocol
※ IdP: ID Provider
※ SP: Service Provider
SSL-VPN SP
Electronic library
A: ID syainA, PW ****
A: ID ****A, PW ****
A: ID A****, PW ****
groupware
ELECTRONIC JOURNAL
other web application
Shibboleth SP Server
Employee A
- Reverse proxy
suzuki********
Authentication is just once!
Input your ID and password to WisePoint only once, and you can access every web application without entering a separate password for each individual system.
WisePoint provides single sign-on to various systems, such as O365, Google Apps, Salesforce, mail, groupware, and web applications developed by the user.
No need to input 【employee ID/PW】
Single sign on Authentication
Account@Adapter provides
RADIUS Proxy for eduroam
RADIUS/LDAP/CA/DHCP services
Account@Adapter supports eduroam
University B AAA infrastructure
Cloud
University A
Student of University B
Student of University A
RADIUS Proxy
University C AAA infrastructure
University A
AAA infrastructure
Campus Network
User accounts of other universities are forwarded to the regional TLRS.
Intramural users are checked against the Local DB or AAA infrastructure.
Local DB
TLRS: Top Level RADIUS Server
CA: Certification Authority
Virtual Appliance
RADIUS Client
RADIUS Client
Internet