Changes between Initial Version and Version 1 of ShibbolethService


Timestamp:
05/20/08 10:39:57 (11 years ago)
Author:
joshuadf
Comment:

--

  • ShibbolethService

    v1 v1  
     1== Summary == 
     2 
     3Shibboleth is an implementation of web-based single sign-on (see "How it works" below). 
     4 
     5It is only for web applications, and requires configuration by both institutions (such as UW and FHCRC) and resource providers (such as 
     6ITHS). However, it uses existing web standards so this configuration should not require extensive customization of application code. All 
     7major platforms (Windows, Linux, Java, etc) are supported. 
     8 
     9The big advantage is that users provide their existing username and password to their own institution, which eliminates the need for 
     10maintenance of additional usernames and eases some privacy worries. 
     11 
     12 
     13== How it works == 
     14 
     15 * User visits a website such as the Internet2 Shibboleth wiki https://spaces.internet2.edu/display/SHIB2/Home and clicks "Log in" 
     16 
     17 * Website shows the user a wayfinder (WAYF) page that allows them  to select an institution, such as "University of Washington" 
     18 
     19 * Website then redirects the user to the chosen institution's sign-on page, for UW <https://weblogin.washington.edu/> 
     20 
     21 * After the user provides a username and password, the institution redirects the user back to the website. In the background, the user now has credentials (username and possibly status such as "faculty") 
     22 
     23 * The website sees the embedded username (REMOTE_USER) and displays "Welcome joshuadf@washington.edu" without requiring any additional password. 
     24 
     25 
     26== Issues == 
     27 
     28 * Some institutions do not want to provide actual usernames for privacy reasons, so instead provide a token such as "adfead1a2d90a966ef0a69071a2df31b@ucla.edu" 
     29 
     30 * Some applications such as Microsoft's Sharepoint run in a limited mode for non-local users 
     31 
     32 * Smaller institutions or private practices do not have the resources to set up a Shibboleth Identity Provider. As a workaround these 
     33 users will need to use a free public provider such as ProtectNetwork or be granted UW credentials 
     34 
     35 * UW does not currently have extensive guides for Shibboleth like it does for pubcookie, but probably will in the future 
     36 
     37 
     38== Links == 
     39 
     40Shibboleth from an application's point of view <http://shib.kuleuven.be/switch2shibboleth.shtml> 
     41 
     42Shibboleth home page <http://shibboleth.internet2.edu/> 
     43 
     44<http://en.wikipedia.org/wiki/Shibboleth_(Internet2)> 
     45 
     46 
     47Technical: 
     48 
     49 * Uses Security Assertions Markup Language (SAML) <http://www.xml.com/pub/a/2005/01/12/saml2.html> 
     50 
     51 * Interoperable with WS-Federation implementations such as Microsoft Active Directory Federation Services (ADFS) <https://spaces.internet2.edu/display/SHIB2/NativeSPADFS> 
     52 
     53 * Binaries for Windows, Linux, and Java as well as full source code available for download <http://shibboleth.internet2.edu/downloads.html> 
     54 
     55 
     56== My Demo == 
     57 
     58This uses the public testshib.org testing service 
     59 
     60*DO NOT ENTER YOUR OWN PASSWORD* 
     61<https://shibsp.biostr.washington.edu/secure/> 
     62*DO NOT ENTER YOUR OWN PASSWORD*
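
Review bot: The "My Demo" section (lines 58-62) repeats "DO NOT ENTER YOUR OWN PASSWORD" without saying why or what to enter instead. State the reason next to the warning, namely that the demo signs in through the public testshib.org testing service and not through the reader's own institution, and say which test credentials readers should use. Separately, the step at line 21 of "How it works" says only that "the user now has credentials"; a pointer from there to the SAML bullet under "Technical" (line 49) would tell readers how the username and status reach the website as REMOTE_USER.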