Introduction to federated management

Target audience

This module is intended for organisations that:

  • provide resources (e.g. research data) and services (e.g. processing of the research data) for scientific research and education in various fields, such as bioinformatics, high-energy physics, arts and humanities, libraries and so forth;
  • would like to protect their assets from unauthorised access by using an authentication and authorisation infrastructure (AAI).

Learning goals

  • Understand the benefits and gains of federated identity management;
  • Learn how to protect static web pages and applications;
  • Learn how attributes can be used within web applications.

Introduction

Readers who are not familiar with the concept of AAI should first read the ‘Federations 101’ training module that explains the basic concepts.

The main part of this module is delivered in presentation format and a link to the slides is provided below.

The module is designed with a practical and hands-on approach in mind, though it is by necessity fairly technical and detailed in parts. The presentation slides are primarily intended for use in face-to-face training sessions with trainers who are able to walk the participants through the explanations and exercises and provide assistance as required.

In order to provide secure online access to its resources/services to users from an AAI, a resource or service provider will need to install a server, called a service provider (SP), and integrate it with its resources/services. In this sub-module, participants will install, test and configure a service provider using open source Shibboleth SP software. The goal is to familiarise the participants with the basic configuration of Shibboleth SP. At the end of the training, participants should have learned the main aspects involved in running a Shibboleth SP.

Main goals of the training

During the training session participants are expected to learn:

  • What the benefits and gains of federated identity management are;
  • What the main components of Shibboleth software are and how they work;
  • How to install and configure a Shibboleth 2 service provider;
  • How and where to configure basic Shibboleth 2 service provider functionalities;
  • How to protect static web pages and applications;
  • How attributes can be used within web applications;
  • How to integrate a Shibboleth 2 service provider in a specific research infrastructure.

Training prerequisites

Participants should have a basic understanding of federations and federated identity management, including the related terminology, and have an awareness of its benefits. They should also be familiar with the concepts and motivations behind running services in an AAI. Basic Linux skills are also highly desirable.

Training takes place on a virtual machine (VM). The VM image can be run in VirtualBox (recommended) or VMware Player/Fusion. To run the SP training VM, the following minimum requirements have to be met:

  • The user must have administration privileges on the laptop
  • Any recent (less than 4 years old) Intel or AMD processor
  • 4 GB RAM (at least 1.5 GB free memory)
  • 12 GB free hard disk space
  • Internet connectivity
  • VirtualBox (or VMware Player) installed and fully operational.

Integration with a specific research infrastructure’s AAI

Many research infrastructures have their own authentication and authorisation infrastructure. Examples of how to integrate a service with a specific research infrastructure’s AAI can be found at the links below:

Slides