Unicon June 2014 IAM Briefing


description

Public briefing from Unicon's IAM team on observations and highlights about Apereo/Jasig CAS, Internet2 Shibboleth, and Internet2 Grouper. Unicon Open Source Support development progress and intentions for the next quarter are also shared. http://www.unicon.net/support

Transcript of Unicon June 2014 IAM Briefing

  • 1. Unicon IAM Update CAS, Shibboleth, Grouper 26 June 2014 Mike Grady Misagh Moayyed Bill Thompson Audio is via Adobe Connect. There is no phone dial-in.

  • 2. Welcome to this briefing: Updates on CAS, Shibboleth and Grouper; Unicon contributions to CAS, Shibboleth and Grouper; Unicon's Open Source Support; Q&A
  • 3. Introduction: Mike Grady. IAM, Shibboleth, CAS, Internet2 Scalable Privacy; 36 years at University of Illinois before Unicon; Unicon's Open Source Support for Shibboleth technical lead
  • 4. Introduction: Misagh Moayyed. IAM, Shibboleth, CAS, uPortal, uMobile; #1 CAS Committer over the last 3 years; Unicon's Open Source Support for CAS technical lead
  • 5. Observations and Highlights
  • 6. Past Events: Shibboleth Workshop Series - March 24-25, Durham, NC; Internet2 Global Summit - April 6-10, Denver, CO; Open Apereo 2014 - June 1-4, Miami, FL
  • 7. Apereo IAM Sessions: CASifying PeopleSoft & ADFS: http://lanyrd.com/2014/apereo/sdbbdp/; To CAS 3 and Beyond: http://lanyrd.com/2014/apereo/sczzzt/; Grouper for Beginners: http://lanyrd.com/2014/apereo/sdbdmm/; 2FA Authentication with CAS: http://lanyrd.com/2014/apereo/sdbbdh/
  • 8. Upcoming Events: Shibboleth Workshop Series, July 24-25, 2014, Indianapolis, IN; Shibboleth Workshop Series, Sept 29-30, 2014, Newark, NJ; Internet2 Technology Exchange/Identity Week, Oct 26-30, Indianapolis, IN; Shibboleth Workshop Series, Nov 10-11, 2014, Salt Lake City, UT
  • 9. Highlights About CAS
  • 10. CAS Releases: CAS 3.5.2.1 & CAS 3.4.12.1 (4/1/2014): SAML 2.0 Security Exploit Patch: Patch if you integrate with Google Apps, JICS, etc.; CAS 4.0.0 (5/7/2014)
  • 11. CAS 4: Features: New /p3/serviceValidate endpoint for user attributes; LPPE Improvements: OpenLDAP support, etc...; Disallow Empty Service Registry; Default Service Proxy AuthN set to Off; Many more...
  • 12. CAS 3.0 Protocol: Return user attributes upon validation; Backwards-compatible with clients
  • 13. CAS Documentation: http://jasig.github.io/cas
  • 14. CAS: Moving Forward: CAS v4.1: Discussion ongoing; Join [email protected]; CAS AppSec Working Group: https://wiki.jasig.org/display/CAS/CAS+AppSec+Working+Group
  • 15. Highlights About Shibboleth
  • 16. Shibboleth IdP v3 development in progress; https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details; Alpha1 release of IdP v3 just released this morning, see https://wiki.shibboleth.net/confluence/display/IDP30/; Multi-Context Broker (MCB) being deployed in production; Latest versions: IdP v2.4.0, SP v2.5.3 (+2 patches for Windows SP*); * Heartbleed, OpenSSL
  • 17. Identity Provider v3: Release Goals: Support extensions (i.e. uApprove) within profiles; Improve rough spots in the API; V2 protocol interoperable; API-incompatible; https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design; Q3 Fall 2014 release is planned
  • 18. Highlights About Grouper
  • 19. Grouper v2.2: http://goo.gl/5LrGAR; Released this... very soon!; Optimized UI for desktop and mobile; End-user friendly UI; Security Enhancements
  • 20. Grouper UI: http://grouper-ui.uchicago.edu/hifi
  • 21. Highlights About Unicon Participation in CAS, Shibboleth and Grouper
  • 22. Open Source Support: Support for open source software as adopted by the community; Unicon collaborates to maintain the supported open source software making it more supportable and valuable to subscribers; Act in the best interest of the subscribers, the community, and the project
  • 23. CAS-related progress
  • 24. cas-addons: https://github.com/Unicon/cas-addons; Latest available release: 1.11.1; New extensions: HazelcastTicketRegistry
  • 25. CAS/ADFS Integration: https://github.com/Unicon/cas-adfs-integration; CASify Microsoft ADFS; Delegate CAS AuthN to Microsoft ADFS
  • 26. UniconLabs: https://github.com/UniconLabs; simple-cas-overlay-template: Quick start for building a CAS deployment; cas-surrogate-principal: A CAS module that allows a principal to authenticate as another
  • 27. Shibboleth-related progress
  • 28. Shib-CAS authenticator v2: https://github.com/Unicon/shib-cas-authn2; Support for both forced and passive authN; Simpler, externalized configuration; CAS and Shibboleth can be on separate servers; Communicate the entityId to CAS
  • 29. Other work: Updating Shib wiki as we discover areas to be improved, corrected, etc. from our work with the Shib software and related extensions. (E.g. Multi-Context Broker, Velocity template additions that allow use of Google Analytics to analyze IdP usage, etc.); Finalized Tomcat7 DTA-SSL https://wiki.shibboleth.net/confluence/x/WYFC
  • 30. Future work: Helping with testing of Shib IdP v3; In discussion with developer community to find more ways to assist; Particular missing features you need?
  • 31. Grouper Related Work: uPortal: Roles and Permissions?; Additional authZ connectors?; CAS SSO for Grouper?; https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions
  • 32. What we do: Collaborate to maintain current stable recommended releases; Work towards next releases; Explore extensions and opportunities; Responsive to inputs from subscriber experiences; Feedback is especially welcome!; Learn from providing support; Empathize with your needs and projects
  • 33. Let's do this again. Next Unicon IAM Update: Thursday November 6th 2014, 2 PM Eastern/11 AM Pacific
  • 34. Questions / Discussion: Bill Thompson, Director of IAM Practice, [email protected]; Mike Grady, Support for Shibboleth Technical Lead, [email protected]; Misagh Moayyed, Support for CAS Technical Lead, [email protected]