InCommon Shibboleth Workshop: Making it Easier to Federate
School of Professional Studies
200 Dyer Street, Room 101
November 13-14, 2018
9:00 am - 5:00 pm (ET)
Please note: the building does not open until 8:30 am.
Registration is closed
Looking to deploy InCommon-ready Shibboleth Service and Identity Providers in a way that’s easy to install and manage? Want first-hand experience with the world of containers and how they can make your life easier? We have scheduled a special edition of the InCommon Shibboleth Installation Workshop, and it goes beyond just installing software. If you are familiar with previous workshops - even those held earlier this year - you will find some exciting differences, so please read on.
New for this two-day session will be a focus on the Internet2 packaged Service Provider software -- including installation, configuration, and federating with Identity Providers. And, of course, we will cover the Identity Provider as well.. Both the Identity and Service Provider packages can be pre-configured to integrate out of the box with the InCommon Federation using recommended defaults.
Thinking about modernizing your operations? Join us and learn about the DevOps approach to managing your development and operations and how you can use the Docker containerized version of the software to streamline your work load. All of the training is done in a virtual machine (VM) environment, so you won’t need to know the details about containers.
A more-detailed look at the curriculum is at the end of this page.
Here is what you can expect:
- A two-day, directed self-paced workshop
- Hands-on installation of the identity provider and service provider software
- Experienced trainers providing overviews and one-on-one help
- Discussions on configuration and suggested practices for federation
- Attendance is limited to 40
The workshops will offer the chance to:
- Install a prototype Shibboleth identity and service provider in a virtual machine environment
- Gain experience with the Docker container version of the Shibboleth IdP
- Discuss how to configure and run the software in production
- We will also discuss integration with other identity management components such as LDAP, Grouper, COmanage, and other service providers
Knowledge of identity management concepts and related implementation experience is strongly recommended.
Directions and Parking
There is some on street metered parking but the best bet is the parking garage at 222 Richmond Street or across the street from that garage at the South Street Landing Parking Garage (hourly rate) - it is just a short walk to the building from these lots.
This link provides a list of Brown's partner hotels that offer discounted pricing. You can book directly.
Airport and Transportation
Providence is served by the T.F. Green Airport.
Providence is located on Amtrak's Northeast Corridor route between Washington and Boston, including the high-speed Acela service. The station is located at 100 Gaspee Street in downtown Providence.
Massachusetts Bay Transportation Authority (MBTA)
The Massachusetts Bay Transportation Authority (MBTA) runs low-cost, round-trip rail service from Boston to downtown Providence and to the T.F. Green Airport. Look for the Providence-Stoughton route on the MBTA website
Before You Arrive
Read and follow the preparation instructions:
We use VMs hosted on Amazon Web Services - these will be available the day of the class, so there is nothing you need download ahead of time.
Please note that the training requires you to bring a laptop.
You will need to have either an RDP client (for Windows) or SSH client (for Linux), plus root access to modify your etc/host files, depending on your choice of operating system for this class.
The training makes use of Virtual Machines (VMs), in this case derived from Amazon Marketplace Images (AMI) loaded on Amazon Web Services. The training team will provide access instructions when you arrive for the first day of the training.
You will need root/administrator access on the computer you will be bringing to class so that you can modify the local hosts file.
Your VM will be available during the training and for two weeks after the training. After two weeks, the VM will no longer exist, so be sure to save anything you need within two weeks of the end of the training.
- DevOps, Docker and Internet2 packaged software (overview/background)
- Internet2's Packaged Shibboleth IdP Training (https://spaces.at.internet2.edu/x/3BX9Bg)
- Planning Your IdP Service
- Authentication, attributes, LDAP, containers
- The Internet2 Packaged Shibboleth Docker IdP (see details on the wiki)
- The IdP Container
- Deploying the container
- Container Lifecycle
- Build a Docker image
- Build your config
- Understanding configuration files and options
- Run the container
- Making configuration changes
- Planning Your IdP Service
- A word about the InCommon-ready configuration and InCommon Baseline Expectations
- Advanced IdP Tasks
- Customizing the login page
- IdP-Initiated SSO
- Advanced Attribute Filter Policies
- Scripted Attributes
- Deliberate Failure
- SP installation and configuration (use Internet2 packaged container - which will be the first time in a training session)
- Reinforce key concepts about DevOps, containers, Internet2 packaged software
- Federated identity, SSO, and attributes
- Understanding the Shibboleth SP
- Authentication process - attributes, assertions
- How applications see and use information
- The SP container - creation and deployment
- Simple resource protection
- Application integration - more art than science
- ADFS (?)
- Advanced Discussion Topics
- Dealing with XML
- SAML proxies
- Per-entity metadata
- Discovery services
- Error handling
- Scopes, attributes, and metadata filtering
- Working/dealing with vendors
Tuesday and Wednesday, November 13-14, 2018
NOTE: All times are Eastern Daylight Time
9:00 - 10:30 a.m.
Welcome, Introductions, Background, Begin install
10:30 - 10:45 a.m.
10:45 a.m. - Noon
Noon - 1 p.m.
1 - 3 p.m.
3 - 3:15 p.m.
3:15 - 5 p.m.