Shibbolizing uPortal and a Path for Proxy Authentication with Shibboleth

Materials

  • Shibboleth Delegation.ppt (Microsoft PowerPoint 97 slideshow). Modified Mar 03, 2009 by Scott Cantor.
  • shib_uPortal.odp: tweaked. Eliminated rogue Code Example slide. Enriched delegated shib convenience library. Deferred to Scott's Shibboleth Delegation deck. Modified Mar 03, 2009 by Andrew Petro.
  • shib_uPortal.pdf (PDF file): Updated PDF reflecting tweaked slides. Removed rogue code example. Enriched delegated shib library. Deferred to Scott's Shib Delegation deck. Modified Mar 03, 2009 by Andrew Petro.

Presenters

  • Tom Barton, UChicago
  • Scott Cantor, The Ohio State University / Internet2
  • Andrew Petro, Unicon

Metadata

Track

  • Integration and Deployment

(Design and development also a candidate)

Format

one-hour presentation

Description

Up to 500 words:

Shibboleth is well-regarded Internet2-sponsored software implementing federated identity management (authentication and attribute release). While some uPortal adopters are already in production using Shibboleth, the deeper use of Shibboleth user attributes and even authentication tokens proxiable through JSR-168 portlets has been further documented, discussed, and developed at the most recent JASIG UnConference and in efforts since then involving Internet2 and JASIG participants. The purpose of this session is to review the state of the art in Shibbolization of uPortal, available code and documentation, and next steps for further functionality.

Relevant links:

Shib-uPortal space in Internet2 wiki: https://spaces.internet2.edu/display/ShibuPortal/Home

Notes from the Madison, WI JASIG UnConference session on Shibbing uPortal: http://wiki.jasig.org/display/JCON/Shibbing+uPortal

Abstract URL

This page.

Tags

  • uPortal
  • Shibboleth
  • Internet2
  • Identity Management
  • Portlets

Outline

Introduction and stage setting (Tom Barton)

Use cases for Shibboleth in uPortal (Tom Barton)

  • Boring, basic, stupid logging in the user (just the username)
  • User attributes (taking advantage of Shibboleth user attribute release!)
  • Delegated authentication: portlets in the portal making use of Shibboleth to authenticate to backing services
  • What UChicago is trying to do with authentication in their uPortal

Shibboleth in uPortal (Andrew Petro)

  • How uPortal's Remote User authentication support can be combined with the Shibboleth Service Provider module to use Shibboleth for user login
  • How uPortal's pluggable user attribute support, along with some code developed by/for JHU and UChicago, can be combined with the Shibboleth Service Provider to make Shibboleth-conveyed user attributes available to the portal framework and to individual portlets
  • Prospective efforts to enable portlets running in the portal to use delegated authentication to authenticate to backing services

Technical issues and vision (Scott Cantor)

  • How Shibboleth IdP and SP are enhanced and configured to make this possible
  • Policy knobs and their knobbiness
  • Principled authentication: advantages of this approach
  • Etc.

Conclusion (Scott Cantor)

  • Pointers to where to follow this effort / get more information
  • Who to corner and talk to at the conference about this
  • Open Q&A