Dark Clouds & Silver Linings
Presentation for FAM11
Martin Hamilton
Twitter: @martin_hamilton
Blog: martinh.net
Scratchpad: goo.gl/Oh9pG
Background: SSO at Loughborough
• Mostly coalesced around Active Directory Kerberos / LDAP authentication
• Not true "Single" Sign-On, as additional logins with same credentials required
• Hacks and bodges to simulate web SSO
• Separate user IDs and/or passwords for Library, Students Union, Agresso etc
Enter: Google Apps for Education
• Requirement for access using University credentials: Trojan Horse for true SSO
• SSO examples using Shibboleth, simpleSAMLphp etc
• Interest in offering Google for Alumni
• simpleSAMLphp readily hacked to do our bidding
Enter: Loughborough University Login
What We Learned: Browser Stats
What We Learned: OS Stats
What We Learned: Phones/Tablets
What We Learned: Location
What We Did
• simpleSAMLphp identity provider, hacked to check against AD & Google
• Integration with Shibboleth (MSL Students Union system)
• Integration with Guanxi (GroupGTI TargetConnect careers system)
• Moodle hacked to provide both Shibboleth and conventional access
What Next?
• Identity management: University tenants and 1,500+ Olympic volunteers
• Shibbolizing Windows (IIS) and Oracle services (Apache/Solaris)
• Collaboration with other institutions, e.g. Midlands Energy Graduate School, Manufacturing Technology Centre
Dark Clouds?
• midata: Identities curated by Google, Facebook, Amazon etc
• SAML vs. OpenID, OAuth, Open Graph etc
• SAML/Shibboleth strategic tech, or niche?