Dark Clouds&Silver LiningsPresentation for FAM11

Martin HamiltonTwitter: @martin_hamiltonBlog: martinh.net

Scratchpad:goo.gl/Oh9pG

Background: SSO at Loughborough

• Mostly coalesced around Active Directory Kerberos / LDAP authentication

• Not true "Single" Sign-On, as additional logins with same credentials required

• Hacks and bodges to simulate web SSO• Separate user IDs and/or passwords for

oLibrary, Students Union, Agresso etc

Enter: Google Apps for Education

• Requirement for access using University credentials: Trojan Horse for true SSO

• SSO examples using Shibboleth, simpleSAMLphp etc

• Interest in offering Google for Alumni• simpleSAMLphp readily hacked to do our

bidding

Enter: Loughborough University Login

What We Learned: Browser Stats

What We Learned: OS Stats

What We Learned: Phones/Tablets

What We Learned: Location

What We Learned: Location

What We Did

• simpleSAMLphp identity provider, hacked to check against AD & Google

• Integration with Shibboleth (MSL Students Union system)

• Integration with Guanxi (GroupGTI TargetConnect careers system)

• Moodle hacked to provide both Shibboleth and conventional access

What Next?

• Identity management: University tenants and 1,500+ Olympic volunteers

• Shibbolizing Windows (IIS) and Oracle services (Apache/Solaris)

• Collaboration with other institutions, e.g. Midlands Energy Graduate School, Manufacturing Technology Centre

Dark Clouds?

• midata: Identities curated by Google, Facebook, Amazon etc

• SAML vs. OpenID, OAuth, Open Graph etc

• SAML/Shibboleth strategic tech, or niche?

Dark Clouds&Silver LiningsPresentation for FAM11

Martin HamiltonTwitter: @martin_hamiltonBlog: martinh.net

Scratchpad:goo.gl/Oh9pG