Installation and Configuration Patrik Schnellmann,

Similar documents
Installation and Configuration Valéry Tschopp,

Authorizing Access to SPs. SWITCHaai Team

Technical Background Information

One small step for the Shib admin, one giant leap for the SAML community?

AAI Tutorial. SWITCHaai Team

AA Enabling applications Why and how to make web applications AAI ready. Lukas Hämmerle

Discovery Service Options

Integration of Web Applications

AAI Attributes Thomas Lenggenhager,

Shibboleth Plumbing: Implementation and Architecture

Discovery Service Options. SWITCHaai Team

Embedded WAYF A slightly new approach to the discovery problem. Lukas Hämmerle

CHUV CHUV. Vincent Bex Systems Engineer Patrick Zosso Infrastructure Project Manager

AAI Attributes Thomas Lenggenhager,

Account Checking on a SP

Federated Identity Management

Shibboleth/Federation Operator Tutorial TIIME Workshop DAASI International. Date: 6 Feb 2018

Federated Identity Management

Web Server Administration

Security Provider Integration SAML Single Sign-On

Security Provider Integration: SAML Single Sign-On

SLCS and VASH Service Interoperability of Shibboleth and glite

Web Application Performance Testing with MERCURY LOADRUNNER

SAML 2.0 Software comparison Andreas Åkre Solberg EuroCAMP, Athens,

Discovery Service Options

Authentication & Authorization systems developed for CTA

Embedded Discovery Service Or how to save some clicks during AAI authentication. Lukas Hämmerle

Connect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team

EGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti

Ch04 JavaServer Pages (JSP)

Nolij Transfer 6 Migration Planning & Preparation. Danielle Whitney Services Product Manager

Siebel Installation Guide for Microsoft Windows

Shibboleth authentication for Sync & Share - Lessons learned

The ehealth platform

WEBSPHERE APPLICATION SERVER

Security Provider Integration SAML Single Sign-On

Databases on the web

ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS

Crystal Enterprise. Overview. Contents. Web Server Overview - Internet Information System (IIS)

Manual Ftp Windows 7 Server Iis 7.5 Smtp >>>CLICK HERE<<<

Demystifying Identity Federation. Colleen Murphy ~ cmurphy

Live Data Connection to SAP Universes

Single Logout with the SWITCH edu-id IdP

SSO Integration Overview

System Administrator Manual

SWITCHaai Service Description

Note: Oracle Consulting can provide technology assessments and architectural planning workshops to guide you through these processes.

HP OpenVMS Application Modernization and Integration Infrastructure Package, Version 2.3

Novell Access Manager

Banner Student. Banner Student: Communication Plan, Population Selection and Letter Generation. Description

Syllabus INFO-GB Design and Development of Web and Mobile Applications (Especially for Start Ups)

Alongside Windows 8.1

AAI at Unil. Home Organization Integration

Authentication for Web Services. Ray Miller Systems Development and Support Computing Services, University of Oxford

How To Start Mysql Use Linux Command Line Windows 7

Princess Nourah bint Abdulrahman University. Computer Sciences Department

StratusLab Cloud Distribution Installation. Charles Loomis (CNRS/LAL) 3 July 2014

Apache 2.2 Service Specific Error Code 1

Configuring Web Server Devices

Experiment No: Group B_2

APS Application Certification Criteria

Web Engineering (Lecture 08) WAMP

Setting up a Shibboleth SP

Inf 202 Introduction to Data and Databases (Spring 2010)

Security context. Technology. Solution highlights

1. Oracle mod_plsql v in Oracle9i Application Server v1.0.2.x (Oracle9iAS v1.0.2.x)

This tutorial will teach you how to use Java Servlets to develop your web based applications in simple and easy steps.

Sentences Installation Guide. Sentences Version 4.0

ENTRUST CONNECTOR Installation and Configuration Guide Version April 21, 2017

AAI Login Demo. SWITCHaai Introduction Course Bern, 1. March Daniel Lutz

Yellowfin SAML Bridge Web Application

IBM Host Access Client Package for Multiplatforms, V5 IBM Personal Communications and IBM WebSphere Host On-Demand Migrate to the Web at your own pace

Apache, PHP, and MySQL on Itanium Challenges and Goodies

Attributes for Apps How mobile Apps can use SAML Authentication and Attributes

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

Entrust Connector (econnector) Venafi Trust Protection Platform

PHP. MIT 6.470, IAP 2010 Yafim Landa

Siebel REST API Guide. Siebel Innovation Pack 2017, Rev. A November 2017

Security Enhancements in Informatica 9.6.x

Contents. Deployment: Automated Installation of Cygwin

NetBackup Deployment Template User Guide for Chef

Manually Password Protect Directories Apache Ubuntu

DOCUMENT COMPOSITION. Template Management Editoring Templates. Document Composition and Output Management.

IDENTIKEY Authentication Server

PHP-security Software lifecycle General Security Webserver security PHP security. Security Summary. Server-Side Web Languages

Red Hat JBoss Web Server 3.1

How to Setup a Development Environment for ONAP

Oracle Cloud Getting Started with Remote Data Connector for Oracle Analytics Cloud

Installation Apache Manually Windows Server 2008 R2 64 Bit

SFTPPlus Client SFTPPlus Server 1.5.1

Configuring the IdP for interfederation use

Quick Connection Guide

Developing Web Sites with Free Software

Chapter 1: Product Requirements and Specifications

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

TABLE OF CONTENTS 1. INTRODUCTION DEFINITIONS Error! Bookmark not defined REASON FOR ISSUE 2 3. RELATED DOCUMENTS 2 4.

Using the Computer Programming Environment

Identity Services Overview from 3 rd Party UK federation commercial identity Providers

COPYRIGHTED MATERIAL

ELECTRONIC LOGBOOK BY USING THE HYPERTEXT PREPROCESSOR

Transcription:

Installation and Configuration Patrik Schnellmann, <schnellmann@switch.ch> 2005 SWITCH

Deployment Guides HOWTOs and Guides http://www.switch.ch/aai/howto/ Shibboleth Target Deployment Guides http://www.switch.ch/aai/targetdeployment.html Apache Compilation and Installation on Linux (debian stable) Compilation and Installation on Solaris Configuration Guide for Linux and Solaris IIS Deployment Guide for Windows 2

What you need to get... Shibboleth Install Package: http://www.switch.ch/aai/docs/shibboleth/internet2/1.2/ Sample configuration files for SWITCHaai http://www.switch.ch/aai/docs/shibboleth/switch/1.2/ SWITCHpki certificate for your Web Server http://www.switch.ch/aai/certificates.html 3

SWITCHaai Settings shibboleth.switchaai.xml Identifier in <Applications> providerid=urn:mace:switch.ch:switchaai:pilot:{hostname} SWITCHpki Server Certificate Location in <Credentials> /etc/apache/ssl.key/{hostname}.key /etc/apache/ssl.crt/{hostname}.crt Error Pages Customization in <Errors> supportcontact={contact_email} HTML pages, logo and stylesheet SWITCHaai Federation Metadata {FederationProvider} for sites.switchaai.xml {TrustProvider} for trust.switchaai.xml {AAPProvider} for AAP.switchaai.xml 4

SWITCHaai Settings specific for IIS IIS specific settings in shibboleth.xml Protected Web Locations in <RequestMapProvider> (Access Rules Configuration) IIS Site ID Mapping in <Implementation> 5

Federation Metadata SWITCHaai Federation Metadata Accepted Certification Authority certificates within SWITCHaai trust.xml Home Organizations participating within SWITCHaai sites.xml More information: http://www.switch.ch/aai/metadata.html http://www.switch.ch/aai/ca-acceptance-policy.html 6

Federation Metadata - Auto-Updates Siterefresh Shell script (Standard Linux shell / Windows Cygwin) Automatical updates of the Federation Metadata (sites.xml / trust.xml) Security given by verification of the files signatures Get the script and documentation: http://www.switch.ch/aai/siterefresh.html 7

AAI-enabling Apache Patrik Schnellmann, <schnellmann@switch.ch> 2005 SWITCH

Apache Software Components Apache Webserver Shibboleth Target (mod_shib) Tomcat Connector (mod_jk) PHP (mod_php) Apach e mod_shib mod_php mod_jk Modules Shibboleth Target (SHAR) SHAR PHP Applications Java Applications (Tomcat, ) PHP Application Tomcat Java Application 1 Java Application 2 9

Static Authorization in Apache Rules in httpd.conf or.htaccess for Shibboleth Target 1.2.1 Any AAI user <Location /secure> AuthType shibboleth ShibRequireSession On require valid-user </Location> One user <Location /restricted> AuthType shibboleth ShibRequireSession On require uniqueid 314592@aaitest.switch.ch </Location> All users except from VHO <Location /secure> AuthType shibboleth ShibRequireSession On require homeorganizationtype ~ ^[^vv][^hh][^oo] </Location> Reference: http://www.switch.ch/aai/docs/shibboleth/internet2/1.2/deploy-guide-target1.2.1.html#4.d. 10

AAI-enabling IIS Patrik Schnellmann, <schnellmann@switch.ch> 2005 SWITCH

Software Components IIS Web Server Shibboleth Target (isapi_shib) Shibboleth Target (SHAR) Tomcat via JK/JK2 Dynamic Web Pages (ASP, Java, PHP, ) 12

Configuring Access Rules in IIS Rules in shibboleth.xml for Shibboleth Target 1.2.1... <RequestMap applicationid="default"> <Host name= some.host.ch"> <Path name="secure" requiresession="true" exportassertion="false"> </Path> </Host> </RequestMap>... isapi_shib forces authentication on requests for files in http://some.host.ch/secure/ 13

isapi_shib, Future Features for IIS In the current 1.2.1 version, access configuration is rather limited if compared with the Apache module Fine grained access control has to be handled by the application The future version (1.3) Is expected to provide more flexible access control rules Will to be released mid 2005 14

Questions? Q & A http://www.switch.ch/aai aai@switch.ch 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback