Shibboleth session @ IGeLU Ghent Meeting 2010

26
Shibboleth session @ IGeLU Ghent Meeting 2010 Ghent University, September 1st 2010 Wednesday, 15 September 2010

description

Presentation from Shibboleth session at IGeLU conference in Ghent

Transcript of Shibboleth session @ IGeLU Ghent Meeting 2010

Page 1: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth session @ IGeLU Ghent Meeting

2010Ghent University, September 1st 2010

Wednesday, 15 September 2010

Page 2: Shibboleth session @ IGeLU Ghent Meeting 2010

Agenda

• Shibboleth implementation challenges at SFX, MetaLib, DigiTool, Aleph

• Solutions for missing support for multiple affiliations at SFX, MetaLib, DigiTool authorisation

Wednesday, 15 September 2010

Page 3: Shibboleth session @ IGeLU Ghent Meeting 2010

Agenda

• Hooking up SFX into Shibboleth Service Provider

• Aleph as a primary identity source

• Working with e-resources in Shibboleth environment hands-on

Wednesday, 15 September 2010

Page 4: Shibboleth session @ IGeLU Ghent Meeting 2010

Case studies

Wednesday, 15 September 2010

Page 5: Shibboleth session @ IGeLU Ghent Meeting 2010

Charles University in Prague

• 100 % Shibboleth access @ e-resources

• EZproxy as Shibboleth gateway

• MetaLib, SFX, Aleph, DigiTool

• University Information System as primary users identities source, LDAP, IdP 2.1.5-slo

Wednesday, 15 September 2010

Page 6: Shibboleth session @ IGeLU Ghent Meeting 2010

Czech National Library

• just implemented Shibboleth IdP 2

• EZproxy, HAN

• MetaLib, SFX, Aleph

• Aleph as primary users identities source

• ML, SFX - National Information Gateway

Wednesday, 15 September 2010

Page 7: Shibboleth session @ IGeLU Ghent Meeting 2010

Academy Of Sciences Library

• just implemented Shibboleth IdP 2.1.5

• EZproxy, Squid HTTP proxy

• MetaLib, SFX, Aleph

• Aleph as primary user identities source

Wednesday, 15 September 2010

Page 8: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• Not supported by PDS

• Implementation proxy style

Wednesday, 15 September 2010

Page 9: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• Challenges

• giving up user authentication at SFX, resources activation for DEFAULT institute

• consequences - menu, AZs, exports, MARCit!, Google Scholar export, RSI, Verde

Wednesday, 15 September 2010

Page 10: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• 1: one user group - one institution in SFX instance

• N: several user groups - several institutions in SFX instance

Wednesday, 15 September 2010

Page 11: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX• AZ (subscribed and free e-journals for one or

more institution), selective inheritance

• 1

• exclude in AZ for DEFAULT if used

• N

• exclude - doesn’t solve different selective subscriptions by two or more institutions

• or disable inheritance and give up free Open-Access e-journals in institutions AZs

Wednesday, 15 September 2010

Page 12: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• MARCit! (subscribed and free e-journals for one or more institution), auto inheritance

• I

• no change

• N

• export SPECIFIC targets

Wednesday, 15 September 2010

Page 13: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• Export (subscribed and free e-journals for one or more institution), auto inheritance

• I

• no change

• N

• export SPECIFIC targets

Wednesday, 15 September 2010

Page 14: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• Google Scholar exports (subscribed and free e-journals for one or more institution), auto inheritance

• I

• no change

• N

• faulty institutions exports

Wednesday, 15 September 2010

Page 15: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• RSI (subscribed and free e-journals for one or more institution), auto inheritance

• I

• no change

• N

• faulty institutions exports

Wednesday, 15 September 2010

Page 16: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• Possibility to implement Shibboleth authentication as external script

• http://sfx.jib.cz/sfxkiv3/cgi/public/user_cookie.cgi?

• SFX v3 Advanced User Guide, Setting user_profile Cookies

Wednesday, 15 September 2010

Page 17: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & SFX

• Challenges

• possibility to set up just one Institute or Group in institute variable

Wednesday, 15 September 2010

Page 18: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & MetaLib

• Supported by PDS

• Challenges

• just one affiliation per user considered in authorisation

Wednesday, 15 September 2010

Page 19: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & DigiTool

• Supported by PDS

• Challenges

• just one affiliation per user considered in authorisation

Wednesday, 15 September 2010

Page 20: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & Aleph

• Supported by PDS

• One affiliation per user considered in authorisation doesn’t matter

Wednesday, 15 September 2010

Page 21: Shibboleth session @ IGeLU Ghent Meeting 2010

Aleph as users identities source

• CAS - LDAP sync using ORACLE scripts

• CNL - MULTIDATA Praha - Dynamic LDAP

• http://www.multidata.cz/english/universal-dynamic-ldap-server

Wednesday, 15 September 2010

Page 22: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth & Primo, Primo Central

• Supported by PDS

• no experiences yet, sorry

Wednesday, 15 September 2010

Page 23: Shibboleth session @ IGeLU Ghent Meeting 2010

Multiple affiliations solutions

• User selection of primary user affiliation/entitlement at IdP

• IdP provide selected affiliation at eduPersonEntitlement or xxxPersonPrimaryEntitlement

Wednesday, 15 September 2010

Page 24: Shibboleth session @ IGeLU Ghent Meeting 2010

PDS hints

• Support for Shibboleth 2

• Support for Single Logout

Wednesday, 15 September 2010

Page 25: Shibboleth session @ IGeLU Ghent Meeting 2010

Shibboleth hands-on

• Charles University E-resources Portal

• pez.cuni.cz

• testing affiliates welcomed :-)

Wednesday, 15 September 2010

Page 26: Shibboleth session @ IGeLU Ghent Meeting 2010

Contact

Jiří Pavlík

CESNET / Charles University in Prague

http://www.cuni.cz/~pavlik

Wednesday, 15 September 2010