Columbia Educational Resources Online: A Shib-Enabling Case Study
Carol Kassel
Columbia University
Digital Knowledge Ventures (DKV)
Copyright Carol Kassel 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Table of contents
- Background
- Why we used Shibboleth
- Project details
- Key players
- Caveats
- Challenges
- Success!
- Future plans
Background
- Digital Knowledge Ventures: develops and distributes digital resources beyond CU’s campus
- Created “e-seminars” (3-5-hour learning experiences based on CU courses)
- Available to CU community on campus (free) and individual consumers (paid)
- Free registration on Columbia Interactive
- Paid registration on Fathom
E-Seminar Example
Columbia Interactive Sample Page
Columbia Interactive Registration
Along Came CERO
- Changes in market, demise of Fathom: new audiences sought
- Began licensing content for institutional subscribers, with free trial available to all
- Required new, cleaner site: Columbia Educational Resources Online (CERO)
- Access to CERO: IP address or username/password, all contained in Universal Registration System (URS)
CERO Sample Page
Reaching out to alumni
- University Development and Alumni Relations (UDAR) approached DKV: address need to reach out to alumni
- Goal: to provide alumni access to CU online resources, such as e-seminars
- Alumni already have usernames, called University Network IDs (UNIs)
- New site to be built: Learning@Columbia, e-seminar gateway for alumni
Why we used Shibboleth
- Problem 1: How could we allow access to seminars via UNI login and still handle existing audiences?
- Problem 2: How could we maintain security of UNI system in all transactions?
- Problem 3: How could we make login process smooth and seamless?
- Problem 4: How could we require login once and keep users logged in for duration of browser session?
- Answer: Shibboleth!
Project details: Audiences
- Three audiences:
  - CU affiliates with valid UNI/password
  - Non-CU users with valid username/password
  - Users at subscribing institutions with valid IP address
- CERO already served first two, so we selected CERO to be Shibboleth target (Service Provider)
Shibboleth setup
Shibboleth origin (IdP) 1: CU
- CU origin existed for NSDL, but needed customization for CERO
- Login form uses WIND (Web Identification Network Dæmon), CU’s preferred Web ISO
- Standard interface maintains uniform look and feel – inspires user trust
- All information secure
CU origin login UI
Shibboleth origin (IdP) 2: URS
- URS origin did not exist yet; needed to be set up
- Previously, sole UI was basic authorization pop-up box
- Custom UI needed to be built; cobranded with DKV and CU Press logos for future scalability
URS origin login UI
WAYF
- Existing users would have one more click (WAYF) before logging in
- Goal: make WAYF as plain as possible to direct users appropriately
- Must allow for the addition of more origins in the future
WAYF design
Other details
- IP address recognition would take place outside of Shibboleth
- Different ARPs for each origin: CU origin provides EPPN; URS origin provides EPPN, subscribed resources, expiration
- Logging process changes to accommodate web usage reporting
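The access decision implied by the three audiences and the per-origin attribute release above, sketched as an added example (not code from the presentation or from Shibboleth). The origin names, attribute keys, URS scope and IP range are hypothetical, and treating any correctly scoped CU EPPN as sufficient is an assumption.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# All names and values below are constructed for illustration.
SUBSCRIBER_NETWORKS = [ip_network("192.0.2.0/24")]  # documentation range
# Scope each origin is allowed to assert in an EPPN (user@scope).
ORIGIN_SCOPES = {"cu-origin": "columbia.edu", "urs-origin": "urs.example.org"}


def eppn_scope_ok(origin, eppn):
    """Accept an EPPN only if its scope matches the origin that asserted it."""
    user, sep, scope = (eppn or "").rpartition("@")
    return bool(user) and sep == "@" and scope.lower() == ORIGIN_SCOPES.get(origin)


def may_access(resource, client_ip, origin=None, attrs=None, today=None):
    """Return (allowed, reason) for one request to a protected seminar."""
    today = today or date.today()
    # Audience 3: subscribing institutions, recognized by IP outside Shibboleth.
    if any(ip_address(client_ip) in net for net in SUBSCRIBER_NETWORKS):
        return True, "subscriber-ip"
    if origin is None or attrs is None:
        return False, "login-required"  # no session yet: send the user to the WAYF
    if not eppn_scope_ok(origin, attrs.get("eppn")):
        return False, "bad-eppn-scope"
    # Audience 1: the CU origin releases only EPPN.
    if origin == "cu-origin":
        return True, "cu-affiliate"
    # Audience 2: the URS origin also releases subscriptions and an expiration.
    if origin == "urs-origin":
        try:
            expires = date.fromisoformat(attrs.get("expiration", ""))
        except (TypeError, ValueError):
            return False, "expired"  # missing or malformed date: fail closed
        if expires < today:
            return False, "expired"
        if resource not in attrs.get("subscribed_resources", ()):
            return False, "not-subscribed"
        return True, "urs-subscriber"
    return False, "unknown-origin"
```

The scope check keeps one origin from asserting identities that belong to another, which matters once the WAYF lists more than one origin.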
Sample .htaccess file
Key players
- Walter Hoehn (Electronic Publishing Initiative at Columbia (EPIC), now University of Memphis): expertise in Shibboleth
- Noah Levitt (EPIC): creator of URS, no previous Shibboleth experience
- Andrew Johnston, Steve McGrath (Academic Information Systems (AcIS)): WIND developers, server configuration handlers, no previous Shibboleth experience
- Carol Kassel (DKV): project manager, no previous Shibboleth experience
Caveats (how hard can it be?)
- Many pieces to the puzzle – takes longer than you think – pad your schedule!
- Eye-opening details for those who had not worked with Shibboleth before
- Some CERO-specific details required thought and workarounds
- “Necessary evils” (example to follow)
Necessary evil example
Challenge 1: Learning@Columbia
- Learning@Columbia would contain list of “featured seminars”
- Assumption: most L@C users would be alumni – bypass the WAYF?
- Additional: redirect users to seminar “splash page”
- Solution: create redirect page in protected area, with hardcoded link to CU origin login
Learning@Columbia Design
Seminar splash page
Shib-enabled login process
Challenge 2: Web server
- Shib already running on alternate web server, not main web servers
- Decision: move CERO to alternate web server – do not install Shib on main web servers
- Some disadvantages to doing so, but benefits outweighed them
Challenge 3: Certificates
- Login info must be passed securely among all Shib components
- Requires several certificates, some internal, some external
- Purchased new cert and repurposed existing certs
- CU origin still requires user to download certs – some friction for alumni
Challenge 4: Server config changes
- CU origin fairly straightforward
- Brand-new origin setup (for URS) had more details than expected
- Several intricate config changes required in dev, test, and production machines
Challenge 5: “cero” vs. “www.cero”
- 2 different URLs: cero.columbia.edu and www.cero.columbia.edu
- Everything set up for cero but not www.cero!
- Rude awakening at testing time; scrambled to fix
Success!
- Deployed November 2003
- Very little downtime; very few technical problems
- Promotion to alumni in Feb 2004: excellent response rate, no major issues
Possible future applications
- Move away from IP address auth to Shib for subscribing institutions who have that capability
- Shib-enable other websites
- Deploy Shib on main web servers