Shibbolizing uPortal and a Path for Proxy Authentication with Shibboleth
Materials
Presenters
- Tom Barton, UChicago
- Scott Cantor, The Ohio State University / Internet2
- Andrew Petro, Unicon
Metadata
Track
- Integration and Deployment
(Design and development also a candidate)
Format
one-hour presentation
Description
Shibboleth is well-regarded Internet2-sponsored software implementing federated identity management (authentication and attribute release). While some uPortal adopters are already in production using Shibboleth, the deeper use of Shibboleth user attributes and even authentication tokens proxiable through JSR-168 portlets has been further documented, discussed, and developed at the most recent JASIG UnConference and in efforts since then involving Internet2 and JASIG participants. The purpose of this session is to review the state of the art in Shibbolization of uPortal, available code and documentation, and next steps for further functionality.
Relevant links:
Shib-uPortal space in Internet2 wiki: https://spaces.internet2.edu/display/ShibuPortal/Home
Notes from the Madison, WI JASIG UnConference session on Shibbing uPortal: http://wiki.jasig.org/display/JCON/Shibbing+uPortal
Abstract URL
This page.
Tags
- uPortal
- Shibboleth
- Internet2
- Identity Management
- Portlets
Outline
Introduction and stage setting (Tom Barton)
Use cases for Shibboleth in uPortal (Tom Barton)
- Boring, basic, stupid logging in the user (just the username)
- User attributes (taking advantage of Shibboleth user attribute release!)
- Delegated authentication: portlets in the portal making use of Shibboleth to authenticate to backing services
- What UChicago is trying to do with authentication in their uPortal
Shibboleth in uPortal (Andrew Petro)
- How uPortal's Remote User authentication support can be combined with the Shibboleth Service Provider module to use Shibboleth for user login
- How uPortal's pluggable user attribute support, along with some code developed by/for JHU and UChicago, can be combined with the Shibboleth Service Provider to make Shibboleth-conveyed user attributes available to the portal framework and to individual portlets
- Prospective efforts to enable portlets running in the portal to use delegated authentication to authenticate to backing services
Technical issues and vision (Scott Cantor)
- How Shibboleth IdP and SP are enhanced and configured to make this possible
- Policy knobs and their knobbiness
- Principled authentication: advantages of this approach
- Etc.
Conclusion (Scott Cantor)
- Pointers to where to follow this effort / get more information
- Who to corner and talk to at the conference about this
- Open Q&A