Shibboleth Penn State Case Study
Renée Shuey
Senior Systems Engineer
ITS – Emerging Technologies
October 13, 2003
Penn State/NC State Pilot
• Summer 2002
  – ~20 students, 2 weeks, 1 course
• Fall 2002
  – ~200 students
  – 3 courses
• Spring 2003
  – ~1800 students
  – Successful login: 63,026
  – All courses
Penn State/NC State Pilot
• Hardware:
  – Dell PowerEdge 1650
  – Dual 1.2 GHz Pentium III
  – 1 GB RAM
  – 30 GB HD
  – Intel 82544EI Gigabit Ethernet Controller
• Software:
  – RedHat Linux 9
  – Apache 1.3.27
  – Tomcat 4.1.24
  – Sun Java 1.4.1_03
  – Shibboleth Origin 1.0
Pilot to Production
• Agree on attributes/formats for WebAssign
  – eduPersonEntitlement, eduPersonAffiliation, eduPersonPrincipalName, Common Name
  – Ex. URN:PSU.EDU:COURSE:UP:PHYS211L:002
• Upgrade to RedHat 9.0
• Upgrade to Shibboleth 1.1
• Configure Attribute Release Policy (ARP)
  – set up to release attributes to webassign.net
Pilot to Production
• Update LDAP eduPersonEntitlement with course/section/campus location
• Share keystore for pilot and production servers until InCommon is production ready
• Create regular expression for multi-value attributes in the ARP
• Join InCommon
• WebAssign dynamic update
Production Environment
• Hardware:
  – IBM BladeCenter w/ 2-way 2.4 GHz Intel w/ 2.5 GB memory
• Software:
  – RedHat Linux 9.0
  – Apache 1.3.28
  – Tomcat 4.1.24
  – Sun Java 1.4.1_03
  – Shibboleth Origin 1.1
…<Requester>www.webassign.net</Requester>
      <AnyResource/>
    </Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
      <AnyValue release="permit"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
      <AnyValue release="permit"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:cn">
      <AnyValue release="permit"/>
    </Attribute>
  </Rule>
</AttributeReleasePolicy>

<Attribute xmlns:typens="urn:mace:shibboleth:1.0"
    AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement"
    AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
  <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="typens:AttributeValueType">
    URN:PSU.EDU:COURSE:UP:PHYS211L:002
  </AttributeValue>
  <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="typens:AttributeValueType">
    URN:PSU.EDU:COURSE:UP:PHYS211R:030
  </AttributeValue>
</Attribute>
<Attribute xmlns:typens="urn:mace:shibboleth:1.0"
    AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
    AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
  <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      Scope="psu.edu" xsi:type="typens:AttributeValueType">
    member
  </AttributeValue>
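
The Python sketch below is an added example, not code from the slides or from Shibboleth. It models the per-value release that the "regular expression for multi-value attributes" bullet describes, so that only course entitlements reach www.webassign.net, and parses the released values. The policy dictionary, the function names, the sample user and the reading of the URN fields as campus, course and section are assumptions.

```python
import re

# Field layout assumed from the slide's sample: URN:PSU.EDU:COURSE:<campus>:<course>:<section>
COURSE_URN = re.compile(
    r"URN:PSU\.EDU:COURSE:(?P<campus>[A-Z]{2})"
    r":(?P<course>[A-Z]+[0-9]+[A-Z]?):(?P<section>[0-9]{3})")

# Simplified stand-in for an ARP (not Shibboleth's own format or code):
# requester -> attribute -> value pattern; None acts like <AnyValue release="permit"/>.
POLICY = {
    "www.webassign.net": {
        "eduPersonPrincipalName": None,
        "cn": None,
        "eduPersonEntitlement": COURSE_URN,
    }
}

def release(requester, attributes, policy=POLICY):
    """Return only the attribute values the policy permits for this requester."""
    rules = policy.get(requester, {})  # unknown requester: nothing is released
    released = {}
    for name, values in attributes.items():
        if name not in rules:
            continue  # attribute not listed for this requester: default deny
        pattern = rules[name]
        kept = [v.strip() for v in values
                if pattern is None or pattern.fullmatch(v.strip())]
        if kept:
            released[name] = kept
    return released

def parse_course(value):
    """Split a course entitlement into its fields; None if it is malformed."""
    m = COURSE_URN.fullmatch(value.strip())
    return m.groupdict() if m else None

# Constructed sample user. The two course values are the ones on the slide;
# the name, principal and third entitlement are made up for the example.
SAMPLE_USER = {
    "eduPersonPrincipalName": ["xyz123@psu.edu"],
    "cn": ["Sample Student"],
    "eduPersonEntitlement": ["URN:PSU.EDU:COURSE:UP:PHYS211L:002",
                             " URN:PSU.EDU:COURSE:UP:PHYS211R:030 ",
                             "URN:PSU.EDU:EXAMPLE:NOT-A-COURSE"],
    "eduPersonScopedAffiliation": ["member@psu.edu"],
}

if __name__ == "__main__":
    print(release("www.webassign.net", SAMPLE_USER))
```

Because the pattern is applied with `fullmatch`, a value with extra trailing fields is neither released nor parsed.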
What’s Next?
• Investigate Shibboleth Meteor Gateway
• Use Shibboleth to access PHEAA from student web applications
• Investigate Shibboleth for non-Web applications such as LionShare (P2P)
• Continue to pilot with Library vendors
• Incorporate University of Michigan’s Cosign (WebISO) with our origin site