The UK Access Management Federation provide a standardised way of exchanging authentication and authorisation requests in a consistent, secure and privacy-preserving manner. Organisations who have members who wish to access such resources may wish to run their own Shibboleth identity provider to enable this. Similarly, organisations who have resources they wish to give access to through this method may wish to run their own Shibboleth service provider to enable this.
This course will be held on two consecutive days by Rhys Smith, our chief technical architect, trust and identity. The course will start off by providing a number of discussions and hands-on labs for delegates to work through individually and in a small group, centred around the installation and configuration of a Shibboleth 3 identity provider; this will then be tested against a reference Shibboleth service provider.
It will then move on to centre around the installation and configuration of a Shibboleth 2 service provider; along with guidance and practical experience of integrating this with a web application's access control mechanism this installation will then be tested against a reference Shibboleth 3 identity provider.
This course includes some discussion of migration from an existing Shibboleth 2 IdP installation and a Shibboleth 1.3 SP installation.
- Share good practice and learn from others from within academic networking
- Tailored course specifically designed for Janet Network-connected organisations
- One year of online support following the course
- High-quality materials including case studies, checklist and examples
- Learn from subject matter experts within the Janet Network community
- Affordable prices
- All course materials, equipment and labs provided
Registration begins at 09:30 and the course will run between 10:00 and 16:30.
The course timetable will be adjusted on the day to allow discussion of areas of particular interest to the audience.
This course has a particular emphasis on hands-on activities which take up most of the day. These activities will be performed on either a Linux (CentOS 6) or Windows (Windows Server 2008 R2) Virtual Machine (VM), running on VMWare Server on laptops provided as part of the course.
All refreshments and lunch are provided.
If you wish to work with the Linux VM you will be able to take a copy of the VM image home with you after the course to continue to practice and modify. Please bring a USB memory stick or portable external USB hard disk with at least 3GB of free space.
Due to licensing conditions associated with Windows, delegates wishing to work with the Windows VM do not have this option. However, if you bring your own laptop to the course with a fully licensed and legal copy of Windows Server 2008 installed (either directly or in a VM) you will be able to use this during the course and thus keep the copy.
Who should attend
This technical course is aimed at anyone responsible for implementing a Shibboleth 2 identity provider and/or service provider who has system administration skills with either Windows Server 2008 R2 (64 bit) or CertOS 6 (64 bit).
What we cover
- Understanding Shibboleth
- Identity provider prerequisites
- Identity provider installation
- Identity provider configuration
- Advanced identity provider topics
- Service provider prerequisites
- Service provider installation
- Service provider configuration
- Integrating Shibboleth with web applications
- Advanced service provider topics
On completion of this one day course, delegates will be able to:
- Describe the overall process and information flows seen in federated access
- Explain the difference between identity providers and service providers
- Identify the purpose of a federation
- Explain the importance of attributes, and the need for attribute encoders/decoders
- Carry out an analysis of what needs to be done within an organisation in order to meet all necessary prerequisites
- Apply their knowledge to install all software required for the installation of the Shibboleth identity and service provider
- Carry out the install of the Shibboleth identity provider and service provider
- Perform basic configuration of the identity provider and service provider
- Configure the identity provider and service provider to release attribute information in a controlled manner
- Explain the concept of clustering the identity provider and the service provider, and what is needed to enable it
- Analyse access control requirements and implement these within the service provider
- Identify the most appropriate method of Shibboleth-enabling a website, and understand the implications of different methods of doing so
- Explain how to customise an identity provider with branding
- Suggest ways in which to get appropriate support
Pricing and eligibility
Jisc institutional members: £600 + VAT 1
Other organisations - £900 + VAT
- 1 f, in addition to paying a subscription, your institution has opted to become a Jisc institutional member, then - as part of our VAT-exempt cost sharing group - you will not be charged VAT on your course fee. For more information visit our VAT-exempt cost sharing group page: https://www.jisc.ac.uk/membership/vat-exempt-cost-sharing-group
For more information, email email@example.com or phone 01235 822242.