2014 Q4 IAM Open Source Support Program Update
-
Upload
john-gasper -
Category
Technology
-
view
748 -
download
3
Transcript of 2014 Q4 IAM Open Source Support Program Update
Unicon IAM Update
CAS, Shibboleth, Grouper
13 February 2014Mike Grady Misagh Moayyed
Audio is via Adobe Connect. There is no phone dial-in.
Welcome to this briefing
Updates on CAS, Shibboleth and Grouper
Unicon contributions to CAS, Shibboleth and Grouper
Unicon's Open Source Support
Thanks, Q&A
Unicon's CAS strategy* Participate directly in CAS* Develop open source software on behalf of clients* Inform maintenance development through supportYou have to source your support somewhere* In-house staff* Goodwill and engagement of the community* Commercial partner (e.g., Unicon)* (Reality Often combination of these)Unicon's "Cooperative" Support* Cooperates with you, your staff, the community* Support experiences yield improved public documentation* Support-inspired and subscriber-needs-guided open source maintenance development** Directly in and available for adoption with the Jasig CAS softwareThank you to our support subscribers!* Support subscriptions make Unicon maintenance development possible* Support experiences and subscriber input guide Unicon maintenance development towards the worthwhile
Introduction:
Mike Grady
IAM, Shibboleth, CAS, Internet2 Scalable Privacy
36 years at University of Illinois before Unicon
Unicons Open Source Support for Shibboleth technical lead
Introduction:
Misagh Moayyed
IAM, Shibboleth, CAS, uPortal, uMobile
2 years full time with Unicon
Unicons Open Source Support for CAS technical lead
This session is being recorded.
Will post after:
Slides
Notes blog post with useful hyperlinks
Slidecast with audio
Observations and Highlights
Identity Week, November 11-15 2013: REFEDS, CAMP, ACAMP
Burlingame, CA
Apereo Camp, January 27-30 2014:
CAS, uPortal, OpenRegistry, Sakai
Mesa, AZ
Past Events
Upcoming Events
Shibboleth Workshop Series - March 24-25
Durham, NC
Internet2 Global Summit - April 6-10
Denver, CO
Open Apereo 2014 - June 1-4
Miami, FL
Internet2 Technology Exchange Oct 26-30
Indianapolis, IN
Highlights
About CAS
CAS4
RC3 released. To RC4 and beyond...
APIs to support MFA use cases
Password policy improvements
CAS documentation revamp;
See http://jasig.github.io/cas
CAS4 - Documentation
Highlights
About Shibboleth
Shibboleth
IdP v3 development in progress;
https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details
Community news at http://shibboleth.net/community/news
Latest versions: IdP v2.4.0, SP v2.5.3
Identity Provider v3
Release Goals:Support extensions (i.e uApprove) within profiles
Improve rough spots in the API
V2 protocol interoperable; API-incompatible
https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design
Q3 Fall 2014 release is planned
Multi-Context Broker
https://github.com/Internet2/Shibboleth-Multi-Context-Broker
IdP LoginHandler to orchestrate among multiple authentication contexts, including MFA.
Provide support for InCommon Assurance initative
Pluggable authentication modules
V1.0.0 is now available
Highlights
About Grouper
Grouper v2.2
http://goo.gl/5LrGAR
Release expected by late Spring
Services in Grouper
Ability to write SCIM
Improved Grouper configuration
...and...
New Grouper UI!
http://grouper-ui.uchicago.edu/hifi
Highlights About Unicon Participation in CAS, Shibboleth and Grouper
Open Source Support
Support for open source software as adopted by the community
Unicon collaborates to maintain the supported open source software making it more supportable and valuable to subscribers
Act in the best interests of the subscribers, of the community, and of Unicon
CAS-related progress
CAS
Password policy improvements
Attributes in the CAS response
cas-addons
https://github.com/Unicon/cas-addons
Latest available release: 1.10
New extensions:Hazelcast ticket registry
Dynamic login view selection
Request-based ticket expiration policy
cas-addons - HazelcastTicketRegistry
UniconLabs
https://github.com/UniconLabs
cas-strap
cas-sso-sessions-report
service-registry-pattern-tester
...
Shibboleth-related progress
Shib-CAS authenticator v2
https://github.com/UniconLabs/shib-cas-authn2
CAS LoginHandler for Shibboleth Idp v2.x
Simpler, externalized configuration
No context-sharing requirement
Communicate the entityId to CAS
Currently in BETA status
Shib-CAS authenticator v2
CAS-Shibboleth:
Integration possibilities
Shib-CAS-authenticator v2 combined with Multi-Context broker?
CAS attributes to supplement the IdP's authentication context?
CAS to resolve/release attributes to the IdP?
...reduce duplicate configuration and overhead
Shib-Config-UI
https://github.com/UniconLabs/shib-config-ui
Web interface to explore the configuration:What attributes are released to this SP?
What is the SSO session length?
Further UI enhancements and features planned
Future work
In discussion with developer community to find more ways to assist
Finalizing Tomcat7 DTA-SSL
Particular missing features you need?
Grouper-related progress
AuthZ Connectors
Grouper & Apache Shiro
Grouper & Spring Security
Grouper & .NET Framework
Grouper & Person Directory
Grouper & OAuth w/ CAS
https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions
More potential
Additional authZ connectors?
CAS-SSO for Grouper?
Grouper & uPortal: Roles and Permissions?
Next Steps
What we do
Collaborate to maintain current stable recommended releases
Work towards next releases
Explore extensions and opportunities
Responsive to inputs from subscriber experiences
Explicit requests
Learn from providing support
Empathize with your needs and projects
Feedback welcome
Subscribers are welcome encouraged to get in touch directly if youd like any of this information contextualized to your specific situation. E.g., Should I upgrade to the next release of shib-cas-authenticator?
By all means, do get in touch.
Lets do this again.
Next Unicon IAM Update:
Thursday June 19th 2014
12 PM MST
Questions / Discussion via Adobe Connect chat?
Mike Grady,
Support for Shibboleth Technical Lead [email protected]
Misagh Moayyed,
Support for CAS Technical Lead
[email protected]
(License)
This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/.
Photo credits
Personal photos of Mike, and Misagh: all rights reserved.
Microphone:
http://www.flickr.com/photos/deanhp/3711222265/
http://creativecommons.org/licenses/by/2.0/deed.en