  • 1/25

    AAI@EduHr

    Croatian Research and Education Identity Federation

    Miroslav Milinović

    University of Zagreb, University Computing Centre (SRCE) <[email protected]>

    CESSDA SAW Workshop, Zagreb, March 1-2, 2017

    http://www.srce.unizg.hr/otvoreni-pristup

    http://www.srce.unizg.hr/

    http://creativecommons.org/licenses/by-nc/4.0/deed.hr

  • 2/25

    Contents

    • Identity federations

    • AAI@EduHr

    • eduGAIN

    • AAI@EduHr for SPs / developers

  • 3/25

    e-infrastructure

    Layers shown on the slide:

    • Network services

    • Data centers

    • Computing resources (servers, storage, HPC, grid, …)

    • Middleware (identity federations, AAA, …)

    • Data services (digital archives, repositories, …)

    • Information systems and applications

  • 4/25

    Identity federation model

    Diagram: an IdP and an SP linked by a trust relationship, with three numbered steps:

    1. user accesses service (SP)

    2. IdP authenticates user; provides attributes

    3. SP consumes attributes; allows access

  • 5/25

    Mesh federation model

    Diagram: SP 1, SP 2, IdP A and IdP B; each SP's login goes directly to the IdPs, with a shared WAYF (MDS) in the middle.

  • 6/25

    Hub-and-spoke federation model

    Diagram: SP 1, SP 2, IdP A and IdP B all connect to a central Hub (WAYF); login passes through the hub.

  • 7/25

    Virtual Organisations (VOs) / Attribute Authorities (AAs)

    Diagram: User → SP (entry point + AAI component) → IdP (AAI component + LDAP directory); the SP additionally contacts an AA (AAI component + data) for attributes.

  • 8/25

    AAI@EduHr: Croatian R&E Identity Federation

    • Autentikacijska i autorizacijska infrastruktura znanosti i (visokog) obrazovanja u RH (Authentication and Authorisation Infrastructure of Science and (Higher) Education in the Republic of Croatia)

    • in production since March 1, 2006

    • hub-and-spoke architecture

    • Policy document: Pravilnik o ustroju, ver. 1.3.1 (http://www.aaiedu.hr/docs/[email protected])

    • March 1, 2017:

      • 229 IdPs

      • 603 SPs

      • 878.173 e-identities

    • connected to:

      • global services: eduroam and eduGAIN

      • national e-gov service: NIAS (e-Građani)

    • Web: http://www.aaiedu.hr (notice: most of the documentation is in Croatian only)

  • 9/25

    AAI@EduHr in numbers

    Successful Web SSO authN (March 1, 2017):

    • last 30 days: 2.964.140

    • last 24 hours: 104.587

    Successful RADIUS authN (March 1, 2017):

    • last 30 days: 14.013.800

    • last 24 hours: 603.678

    Chart: successful SSO authN per month, 01/15 to 11/16 (y-axis 0 to 3,000,000)

  • 10/25

    More statistics …

    http://f-ticks.aaiedu.hr/statistike/


  • 11/25

    Connections with other services

    www.eduroam.org

    www.edugain.org

    NIAS (e-Građani)

  • 12/25

    AAI@EduHr: Hub-and-spoke federation

    Diagram: SP 1, SP 2, IdP A and IdP B connect through the Hub (WAYF); login passes through the hub. The central services are provided by Srce.

  • 13/25

    AAI@EduHr architecture

    Diagram of the components and the protocol labels on the links between them:

    • SP: entry point with an AAI@EduHr component; linked to the central services over HTTPS / SAML and RADIUS

    • Central AAI@EduHr services: RADIUS proxy, FWS, MDS, login/SSO, VO/AA

    • IdP of user [email protected]: AOSI-WS and RADIUS server over an LDAP directory; linked to the central services over RADIUS and HTTPS / SOAP

    • External links from the central services: eduGAIN (HTTPS / SAML), eduroam (RADIUS), social networks (OpenID, …), NIAS (HTTPS / SAML)

  • 14/25

    AAI@EduHr: IdM

    Diagram: AAI@EduHr IdP components: LDAP directory, AOSI-WS, AOSI-Web and RADIUS.

  • 15/25

    What is eduGAIN?

    • educational Global Authentication Infrastructure

    • basic components:

      • eduGAIN Policy Framework (https://technical.edugain.org/documents)

      • MDS (Metadata Distribution Service; https://mds.edugain.org/)

  • 16/25

    eduGAIN

    • in production since 2011

    • 41 member federations

    • www.edugain.org

    • technical.edugain.org


  • 17/25

    AAI@EduHr in eduGAIN

    • AAI@EduHr is an eduGAIN member

    • Srce represents AAI@EduHr in eduGAIN bodies

    • AAI@EduHr entities in eduGAIN:

      • all IdPs are automatically „in” eduGAIN

        • attribute release based on the eduGAIN Attribute Profile

        • an IdP can opt out

      • all SPs are „out”

        • an SP has to opt in (ask Srce to be included)

        • an SP has to fulfil organisational and technical requirements

  • 18/25

    AAI@EduHr for SPs (Web SSO scenario)

    Diagram: user [email protected] logs in at the SP (entry point + AA component); the SP talks to the central AAI@EduHr services over HTTPS / SAML 2.0, and the central services authenticate the user against the home IdP (AOSI-WS over the LDAP directory).

  • 19/25

    AAI@EduHr for SPs (Developers)

    • supported protocols:

      • SAML 2.0

      • RADIUS (network access, special cases of non-web-based services)

    • supported platforms:

      • PHP (simpleSAMLphp)

      • Java (Spring Security SAML, …)

      • .NET (OIOSAML.NET)

      • Python / Django

      • Shibboleth-compatible tools/platforms

      • any platform compatible with SAML 2.0

    • testing environment: AAI@EduHr Lab
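    The Web SSO scenario ends with the SP consuming the attributes and allowing access. What follows is an added example, not AAI@EduHr, Srce or simpleSAMLphp code, of the acceptance checks an SP makes on a SAML 2.0 Response before it trusts those attributes: status, Destination and InResponseTo, trusted issuer, lifetime with clock skew, audience, bearer subject confirmation, replay of the assertion ID, and mapping of OID attribute names to eduPerson names. Python is used because the slide lists Python / Django among the supported platforms. The example assumes the SAML library has already verified the XML signature, and every entityID, URL, ID, timestamp and attribute value in it is a constructed placeholder.

```python
"""SP-side acceptance checks on a SAML 2.0 Response: an added example, not
AAI@EduHr or simpleSAMLphp code. The XML signature is assumed to be verified
already by the SAML library; these are the checks an SP must still make before
it consumes the attributes and allows access. All identifiers are constructed."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Standard eduPerson / LDAP attribute OIDs as used in SAML attribute names.
OID_TO_NAME = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
               "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
               "urn:oid:0.9.2342.19200300.100.1.3": "mail"}
SP_ENTITY_ID = "https://sp.example.hr/saml/metadata"             # constructed
ACS_URL = "https://sp.example.hr/saml/acs"                       # constructed
IDP_ENTITY_ID = "https://idp.example.hr/saml2/idp/metadata.php"  # constructed
NOW = datetime(2017, 3, 1, 10, 1, tzinfo=timezone.utc)

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_resp1"
  Version="2.0" IssueInstant="2017-03-01T10:00:00Z" InResponseTo="_req42" Destination="{ACS_URL}">
 <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2017-03-01T10:00:00Z">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_t1</saml:NameID>
   <saml:SubjectConfirmation Method="{BEARER}"><saml:SubjectConfirmationData
     NotOnOrAfter="2017-03-01T10:05:00Z" Recipient="{ACS_URL}" InResponseTo="_req42"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2017-03-01T09:59:00Z" NotOnOrAfter="2017-03-01T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>user1@example.hr</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>user1@example.hr</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"><saml:AttributeValue>member@example.hr</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2017-03-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, sp_entity_id, acs_url, trusted_idps, outstanding,
                      seen_ids, now, skew=timedelta(minutes=3)):
    """Return (ok, problems). `outstanding` holds AuthnRequest IDs this SP issued and
    has not yet consumed; `seen_ids` is the replay cache of accepted assertion IDs."""
    p = []
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        p.append("status is not Success")
    if root.get("Destination") != acs_url:
        p.append("Destination is not our ACS URL")
    if root.get("InResponseTo") not in outstanding:
        p.append("InResponseTo matches no outstanding AuthnRequest")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, p + ["expected exactly one plain Assertion"]
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() not in trusted_idps:
        p.append("assertion issuer is not a trusted IdP")
    cond = a.find("saml:Conditions", NS)
    sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    scd = sc.find("saml:SubjectConfirmationData", NS) if sc is not None else None
    if cond is None or sc is None or sc.get("Method") != BEARER or scd is None:
        return False, p + ["missing Conditions or bearer SubjectConfirmation"]
    if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
        p.append("assertion not yet valid")
    # Both the assertion and the bearer confirmation must carry a lifetime that has not passed.
    for label, limit in (("assertion", cond.get("NotOnOrAfter")), ("SubjectConfirmationData", scd.get("NotOnOrAfter"))):
        if limit is None or now - skew >= _ts(limit):
            p.append(label + " expired")
    if sp_entity_id not in [e.text.strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        p.append("we are not in AudienceRestriction")
    if scd.get("Recipient") != acs_url or scd.get("InResponseTo") != root.get("InResponseTo"):
        p.append("SubjectConfirmationData Recipient/InResponseTo mismatch")
    if a.get("ID") in seen_ids:
        p.append("assertion ID replayed")
    if not p:
        seen_ids.add(a.get("ID"))  # accept once; a second copy is a replay
    return not p, p


def extract_attributes(xml_text):
    """Map the AttributeStatement to friendly names; unknown OIDs are kept as-is."""
    root = ET.fromstring(xml_text)
    return {OID_TO_NAME.get(at.get("Name"), at.get("Name")):
            [v.text for v in at.findall("saml:AttributeValue", NS)]
            for at in root.findall(".//saml:AttributeStatement/saml:Attribute", NS)}


def missing_required(attrs, required=("eduPersonPrincipalName", "mail")):
    """Attributes the SP registered as required but did not receive."""
    return [r for r in required if not attrs.get(r)]
```

    A SAML library such as simpleSAMLphp performs these checks itself; writing them out shows what each value an SP registers in the resource registry (its entityID, its ACS URL, the IdPs it trusts) actually protects, and why the same Response presented twice is rejected.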

  • 20/25

    SP set-up in AAI@EduHr

    • study:

      • AAI@EduHr Policy (http://www.aaiedu.hr/docs/[email protected])

      • documentation for SPs (http://www.aaiedu.hr/za-davatelje-usluga)

    • register your application via the resource registry: www.aaiedu.hr/aairr

      • indicate special cases: eduGAIN and/or additional login via social networks

    • make the necessary adjustments in your application:

      • install missing components (e.g. SSP, SAML modules, …)

      • use AAI@EduHr LAB for testing

    • the AAI@EduHr team provides support via the e-mail address [email protected]

  • 21/25

    AAI@EduHr and social networks

    http://www.unizg.hr/authdemo/

    http://otrs-test.srce.hr/

  • 22/25

    How to opt-in eduGAIN with your SP?

    • let Srce know:

      • we provide support / know-how

      • we publish your metadata / register your app. in eduGAIN

    • adjust your service policy:

      • privacy policy / CoCo (see eduGAIN documentation)

    • adjust the technical components of your service:

      • attribute handling

      • discovery service (login screen / WAYF)

      • metadata handling

    • verify before production
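    Two of the technical items above, metadata handling and the discovery service, as an added example that is not AAI@EduHr or eduGAIN code: it loads a metadata aggregate of the kind the MDS distributes, refuses it once validUntil has passed, keeps only IdPs that publish a signing certificate (the SP could never verify assertions from the others), and builds the WAYF list and the SSO redirect target from what remains. The aggregate, its entityIDs, URLs and certificate are constructed placeholders, and the feed's own XML signature is assumed to have been verified when it was downloaded.

```python
"""Metadata handling and a discovery (WAYF) list for a SAML SP: an added example,
not AAI@EduHr or eduGAIN code. The aggregate below is a constructed stand-in for a
federation or eduGAIN metadata feed (all entityIDs, URLs and the certificate are
placeholders); its own XML signature is assumed to have been verified on download."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
NOW = datetime(2017, 3, 1, 12, 0, tzinfo=timezone.utc)

SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:mdui="{NS['mdui']}"
  xmlns:ds="{NS['ds']}" Name="constructed-aggregate" validUntil="2017-03-08T00:00:00Z">
 <md:EntityDescriptor entityID="https://idp-a.example.hr/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:Extensions><mdui:UIInfo>
    <mdui:DisplayName xml:lang="hr">Primjer A</mdui:DisplayName>
    <mdui:DisplayName xml:lang="en">Example University A</mdui:DisplayName>
   </mdui:UIInfo></md:Extensions>
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp-a.example.hr/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-b.example.hr/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp-b.example.hr/sso"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.hr/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2017-03-08T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_fresh(metadata_xml, now):
    """False when the aggregate carries no validUntil or it has passed: stale
    metadata may still list IdPs (or keys) the federation has since withdrawn."""
    valid_until = ET.fromstring(metadata_xml).get("validUntil")
    return valid_until is not None and now < _ts(valid_until)


def load_idps(metadata_xml, now):
    """Usable IdPs from an aggregate. IdPs without a signing certificate are skipped:
    the SP could never verify their assertions, so they must not appear in the WAYF."""
    if not is_fresh(metadata_xml, now):
        raise ValueError("metadata aggregate is missing validUntil or has expired; refresh it")
    idps = []
    # iter() also finds EntityDescriptors nested in sub-EntitiesDescriptor groups.
    for ed in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        idp = ed.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # SPs and other roles are not login targets
        certs = [c.text.strip() for kd in idp.findall("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")
                 for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
        if not certs:
            continue
        names = {dn.get(XML_LANG): dn.text.strip()
                 for dn in idp.findall("md:Extensions/mdui:UIInfo/mdui:DisplayName", NS)}
        idps.append({"entity_id": ed.get("entityID"),
                     "display_name": names.get("en") or next(iter(names.values()), ed.get("entityID")),
                     "sso": {s.get("Binding"): s.get("Location")
                             for s in idp.findall("md:SingleSignOnService", NS)},
                     "signing_certs": certs})
    return sorted(idps, key=lambda i: i["display_name"].lower())


def discovery_choices(idps, query=""):
    """(display name, entityID) pairs for the login screen, filtered by what the user typed."""
    q = query.lower()
    return [(i["display_name"], i["entity_id"]) for i in idps if q in i["display_name"].lower()]


def sso_redirect_location(idps, entity_id):
    """Where the AuthnRequest goes once the user picked an IdP; None if the IdP is not usable."""
    for i in idps:
        if i["entity_id"] == entity_id:
            return i["sso"].get(REDIRECT)
    return None
```

    The design point is that the WAYF list is derived from the same verified, unexpired metadata the SP later uses to check signatures, so a user can only be sent to an IdP whose assertions the SP is able to verify; in production the aggregate is refreshed on a schedule well inside its validUntil window.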

  • 23/25

    Discovery service examples

    https://foodl.org/

    http://monitor.eduroam.org/db_web


  • 24/25

    Learning opportunity

    • we organize a workshop for SPs / application developers on April 4

    • check http://www.srce.unizg.hr/dei/radionice


  • 25/25

    Through its open access policy, Srce makes all the results of its work available to the wider public, above all the educational and professional information and content produced through Srce's activities and work.

    This work is licensed under the Creative Commons Attribution-NonCommercial 4.0 International licence.

    www.srce.unizg.hr

    creativecommons.org/licenses/by-nc/4.0/deed.hr

    www.srce.unizg.hr/otvoreni-pristup

    [email protected]

    AAI@EduHr

    http://www.aaiedu.hr