Implementing a Shibboleth 2 Identity Provider & Service Provider
What will you learn?
On completion of this two day course, delegates will be able to:
- Describe the overall process and information flows seen in federated access
- Explain the difference between identity providers and service providers
- Identify the purpose of a federation
- Explain the importance of attributes, and the need for attribute encoders/decoders
- Carry out an analysis of what needs to be done within an organisation in order to meet all necessary prerequisites
- Apply their knowledge to install all software required for the installation of the Shibboleth Identity and Service Provider
- Carry out the install of the Shibboleth Identity Provider and Service Provider
- Perform basic configuration of the Identity Provider and Service Provider
- Configure the Identity Provider and Service Provider to release attribute information in a controlled manner
- Explain the concept of clustering the Identity Provider and the Service Provider, and what is needed to enable it
- Analyse access control requirements and implement these within the Service Provider
- Identify the most appropriate method of Shibboleth-enabling a website, and understand the implications of different methods of doing so
- Explain how to customise an Identity Provider with branding
- Suggest ways in which to get appropriate support.
Course Overview
The UK federation provides a standardised way of exchanging authentication and authorisation requests in a consistent, secure and privacy preserving manner. Organisations who have members who wish to access such resources may wish to run their own Shibboleth Identity Provider to enable this. Similarly, organisations who have resources they wish to give access to through this method may wish to run their own Shibboleth Service Provider to enable this.
This course will be held over two consecutive days.
The course will start off by providing a number of discussions and hands-on labs for delegates to work through individually and in a small group, centred around the installation and configuration of a Shibboleth 2 Identity Provider; this will then be tested against a reference Shibboleth 2 Service Provider.
It will then move on to centre around the installation and configuration of a Shibboleth 2 Service Provider, along with guidance and practical experience of integrating this with a web application's access control mechanism; this installation will then be tested against a reference Shibboleth 2 Identity Provider.
This course includes some discussion of migration from an existing Shibboleth 1.3 installation.
Topics Covered
- Understanding Shibboleth
- Identity Provider Pre-requisites
- Identity Provider Installation
- Identity Provider Configuration
- Advanced Identity Provider Topics
- Service Provider Pre-requisites
- Service Provider Installation
- Service Provider Configuration
- Integrating Shibboleth with Web Applications
- Advanced Service Provider Topics
Who should attend?
This technical course is aimed at anyone responsible for implementing a Shibboleth 2 identity provider and/or service provider who has system administration skills with either Windows Server 2003 or Red Hat Linux.
Timetable/On the Day
The course timetable will be adjusted on the day to allow discussion of areas of particular interest to the audience. The course will therefore run from 10am to 4.30pm. Registration will take place from 09:30 – 10:00.
All our courses are designed to provide a balance between practical activities and information dissemination, as research shows people learn when they are engaged within the instructional process. This course has a particular emphasis on hands-on activities, which take up most of the day. These activities will be performed on a Linux (CentOS 5) or Windows (Windows Server 2003 SE) Virtual Machine (VM), running on VMware Server on laptops provided as part of the course.
Please Note:
If you wish to work with the Linux VM you will be able to take a copy of the VM image home with you after the course to continue to practice and modify. Please bring a USB memory stick or portable external USB hard disk with at least 3GB of free space.
Due to licensing conditions associated with Windows, delegates wishing to work with the Windows VM do not have this option. However, if you bring your own laptop to the course with a fully licensed and legal copy of Windows Server 2003 installed (either directly or in a VM) you will be able to use this during the course and thus keep the copy.
All delegates will receive a workbook specifically written for the course.
Related Courses
Introduction to the UK Federation