|
|
(9 intermediate revisions by one other user not shown) |
Line 1: |
Line 1: |
| | {{New Docs}} |
| | |
| [[Image:ShibbolethLogoColor.png|right|Shibboleth logo]] | | [[Image:ShibbolethLogoColor.png|right|Shibboleth logo]] |
|
| |
|
| ==Shibboleth information==
| | Shibboleth is an international development supporting authentication and authorisation for web-based applications, based on international standards. Raven has supported the Shibboleth protocol (in addition to the older, local [[Raven/Webauth | Webauth]] protocol) since September 2007. |
| | |
| ===Background===
| |
| | |
| * [[A brief introduction to Shibboleth]]
| |
| * [https://spaces.internet2.edu/display/SHIB/ShibbolethGlossary Shibboleth Glossary]
| |
| * "Federated Security: The Shibboleth Approach", R. L. "Bob" Morgan, Scott Cantor, Steven Carmody, Walter Hoehn, and Ken Klingenstein - [http://www.educause.edu/pub/eq/eqm04/eqm0442.asp as html]; [http://www.educause.edu/ir/library/pdf/eqm0442.pdf as pdf]
| |
| * Part 3 of "Web Services Security", Bilal Siddiqui, talks about SAML (the Security Assertions Markup Language) which is what underpins Shibboleth. [http://webservices.xml.com/pub/a/ws/2003/03/04/security.html Part 1] [http://webservices.xml.com/pub/a/ws/2003/04/01/security.html Part 2] [http://webservices.xml.com/pub/a/ws/2003/05/13/security.html Part 3] [http://webservices.xml.com/pub/a/ws/2003/07/22/security.html Part 4]
| |
| * [http://hdl.handle.net/1988/2771 John Paschoud's 'Shibboleth: Guide for SysAdmins']
| |
| * [http://www-uxsup.csx.cam.ac.uk/~jw35/courses/itliaison/shib/ Jon's IT Liaison Meeting presentation], Jan 2007
| |
| * Jon's Techlink presentation, May 2007 [http://www-uxsup.csx.cam.ac.uk/~jw35/courses/techlink/shib-intro/ as HTML], [http://www-uxsup.csx.cam.ac.uk/~jw35/courses/techlink/shib-intro/shib-intro.pdf as PDF]
| |
| | |
| ===Organizations===
| |
| | |
| * [http://www.jisc.ac.uk/ JISC], and their [http://www.jisc.ac.uk/uploaded_documents/CMRoadmap03_05.doc Shibboleth plans] (MS Word format, sorry)
| |
| ** [http://involve.jisc.ac.uk/wpmu/jam/ JISC Access Management Team Blog]
| |
| * [http://www.becta.org.uk/ BECTA]
| |
| * [http://www.ukfederation.org.uk/ The UK Access Management Federation]
| |
| | |
| ===Shibboleth-compliant publishers===
| |
| | |
| * [http://www.ovid.com/ Ovid]
| |
| | |
| ===Software and reference===
| |
| | |
| * [http://shibboleth.internet2.edu/ Internet2 Shibboleth Project]
| |
| * [http://www.guanxi.uhi.ac.uk/index.php/Guanxi:About Guanxi] (an alternative implementation)
| |
| * [http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security SAML]
| |
| * [http://www.educause.edu/eduperson/ EduPerson] (while Shib doesn't require the EduPerson LDAP schema, it does use it to define some attributes)
| |
| * Athens:
| |
| ** [http://www.lib.cam.ac.uk/electronicresources/Access_Passwords.htm#Athens Local]
| |
| ** [http://www.athensams.net/ From Eduserv]
| |
| * [http://www.switch.ch/aai/support/tools/arpviewer.html ArpViewer]
| |
| | |
| ==Shibboleth Development Project==
| |
| | |
| ===Demo links===
| |
| | |
| UK Federation test targets (only the first will work from Lapwing):
| |
| * https://target.sdss.ac.uk/secure/index.html
| |
| * https://target.iay.org.uk:8446/secure/index.html
| |
| * https://target.iay.org.uk:8446/secure/printenv.cgi
| |
| * https://nevis.ed.ac.uk:8885/cgi-bin/printenv
| |
| | |
| Example SPs via Shib (not all guaranteed to be accessible from Cambridge):
| |
| * [https://spaces.internet2.edu/display/SHIB/WebHome Shibboleth Project Wiki]
| |
| * [https://weather.atomwide.com/ Atomwide Weather Project]
| |
| * [http://www.sciencedirect.com/ ScienceDirect]
| |
| * [http://www.filmandsound.ac.uk/ Film & Sound Online]
| |
| * [http://zetoc.mimas.ac.uk:8000/cgi-bin/shibb Zetoc Alert] (using SDDS SSL certificate; not from Lapwing)
| |
| * [http://zetoc.mimas.ac.uk:8000/cgi-bin/wzshib Zetoc Search] (dito)
| |
| * [http://www.jiscmail.ac.uk JISCMail] (see https://www.jiscmail.ac.uk/help/policy/shibmode.htm for details)
| |
| * [http://www.jvcs.ja.net/docs/bookingint.shtml JANET Videoconferencing Booking Service]
| |
| | |
| These and other SPs are listed on the UK Federation's [http://www.ukfederation.org.uk/content/Documents/AvailableServices Available Services] page.
| |
| | |
| * [https://mnementh.csi.cam.ac.uk/secure/ Local demo site] on mnementh
| |
| | |
| Example Athens content providers via Shib->Athens gateway:
| |
| | |
| * [https://auth.athensams.net/setorg.php?id=urn:mace:eduserv.org.uk:athens:provider:cam.ac.uk&ath_returl=https%3a%2f%2fwiki.csx.cam.ac.uk%2fraven%2fShibboleth Set HDDS cookie and come back here] (using setorg.php)
| |
| * [https://auth.athensams.net/setsite.php?id=urn:mace:eduserv.org.uk:athens:provider:cam.ac.uk&ath_dspid=ATHENS.MY&ath_returl=%2Fmy Set HDDS cookie and go to MyAthens] (using setsite.php)
| |
| | |
| [http://www.switch.ch/aai/support/tools/arpviewer.html ArpViewer]:
| |
| * [https://shib.raven.cam.ac.uk/arpviewer/useredit.jsp?standalone_next_url=https%3a%2f%2fwiki.csx.cam.ac.uk%2fraven%2fShibboleth Reset ArpViewer login preferences]
| |
| | |
| ===Project Documents===
| |
|
| |
|
| * [[Shibboleth Attribute Usage and Derivation]]
| | ; '''[[Shibboleth background and reference]]''' : links, mainly external, to background and reference information about Shibboleth and the Raven/Shibboleth service |
| * [[Assigning Athens permissions sets]]
| | ; '''[[Shibboleth software]]''' : sources of software implementing the Shibboleth protocol |
| * [[Data Protection issues with Shibboleth]]
| | ; '''[[Shibboleth documentation and HOWTOs]]''' : additional documentation and HOWTOs |
| * [[Shibboleth Attribute Release policy summary]]
| |
| * [[Shibboleth Attribute Release meta-Policy]]
| |
| * [[Using the Shibboleth to Athens Gateway]]
| |
| * [[Athens DA Protocol]]
| |
| * [[A University Shibboleth Glossary]]
| |
| * [[University IdP Terms and Conditions]]
| |
| * [[More on eduPersonPrincipleName]]
| |